Putting  802.11n  to  the  test 

Early  adopter  says  speedy  wireless  LAN  technology  exceeding 
expectations.  Page  14. 


Len  Bosack’s  Next  Big  Thing 

Cisco  co-founder  is  pushing  optical  networking  this 
time  around.  Page  29. 


IPv6  goes  to  the 
office 

Testing  shows  that 
applications  such  as 
file-sharing  and 
printing  work,  but 
expect  to  make  a  big 
training  investment. 
Page  12. 


Who  needs  faster 
Fibre  Channel? 

That’s  what  some 
customers  are  asking 
as  8Gbps  products 
start  to  roll  out. 

Page  16. 


How  Cisco 
finds  new$1B 
businesses 

Emerging 

Technologies  Group 
uses  internal  start¬ 
up  model  to  exploit 
market  changes. 

Page  18. 


Phishing  for 
research 

Meet  a  professor 
who  perpetrates 
online  attacks  on 
unsuspecting  Web 
surfers  in  the  name 
of  improving  comput¬ 
er  security. 

Page  26. 


■CLEAR  CHOICE  TEST 

WAN  acceleration 

|  ■  App  acceleration  tools 


Riverbed  bests  Cisco, 
Blue  Coat  and  Silver 


Peak,  but  all  four  prod¬ 
ucts  put  up  impressive 


months  in  a  massive  test  bed  that 
sent  traffic  from  coast  to  coast. 
Any  of  these  products  will  speed 
applications,  reduce  WAN  bandwidth 
and  save  significant  amounts  of 
money.  Page  44 

www.networkworld.com 

Keith  Shaw  goes  inside 
the  testing  process 
with  Network  World 
Lab  Alliance  member 
David  Newman  (right) 
in  this  podcast. 
www.nwdocfinder.com/9947 


Linux  looks  to  advance 
via  apps,  data  center 


BY  JOHN  FONTANA 

SAN  FRANCISCO  —  Having  secured 
mainstream  acceptance,  the  Linux  commu¬ 
nity  stands  poised  to  take  on  its  next  chal¬ 
lenge:  complementing  the  operating  sys¬ 
tem  with  the  applications, 
data  center  technologies  and 
edge  devices  corporate  cus¬ 
tomers  want. 

The  evidence  of  what  is  to 
come  was  on  display  last  week  at  the 
annual  LinuxWorld  conference,  where 
11,000  attendees  gathered  to  check  out 
advances  in  such  technologies  as  virtu¬ 
alization,  management,  security  and 
mobile  devices,  all  primed  to  deliver  on 
the  open  source  promise  and  build  on 
the  Linux  momentum. 


The  message  was  that  Linux  clearly  has 
arrived,  and  now  is  the  time  for  other  proj¬ 
ects  to  build  on  its  success. 

But  it  is  not  all  roses:  Linux  has  yet  to 
crack  the  desktop  in  any  significant  way 
the  server  installed  base  lags 
15  million  behind  Windows, 
Sun  is  biting  at  the  Linux  ker¬ 
nel,  and  there  is  still  plenty  of 
distrust  as  Microsoft  jockeys 
for  its  position  in  the  inevitable  integration 
taking  place  between  Windows  and  Linux 
at  the  infrastructure  and  middleware  layers 
of  corporate  networks. 

Credibility  and  trust  around  open  source 
and  Linux-based  software  and  appliances 
independent  software  vendors  (ISV)  and 
See  LinuxWorld,  page  18 
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- [  yourtakeQ&A  ] - 

Optimization 

recommendations 

Three  top  IT  shops  share  real-world  strategies  for 
maximizing  their  data  centers  and  networks 


■  Lucasfilm  renders  big 
performance  boosts  to  build 
new  blockbusters.  Page  32 


■  CME  Globex  shaves  trading 
transaction  times  razor  thin. 
Page  36 


■  Aurora  Health  Care  finds 
relief  in  server  centralization, 
WAN  acceleration.  Page  40 


Your  potential.  Our  passion. 

Microsoft 


1.  What's  making  the  Spiders  so  big? 

Giant,  man-eating  Spiders  aren't  born  that  way.  Find  the  source  of 
their  transformation  and  you'll  know  how  best  to  beat  them.  Is  an 
abandoned  chemical  plant  nearby?  Has  a  strange  meteorite  recently 
landed?  Exactly  how  old  is  the  milk  in  the  fridge? 

2.  Use  proven  methods. 

Spiders  are  best  handled  the  old-fashioned  way:  by  crushing,  smooshing, 
swatting,  etc.  Freakishly  huge  Spiders  are  no  different.  Grab  a  rolled-up 
newspaper,  or  simply  wad  up  a  handful  of  toilet  paper,  and  have  at  it. 
Unlike  normal  spiders,  though,  the  big  ones  will  clog 
your  sink,  so  show  caution. 


3.  Use  your  superior  human  intellect. 

Spiders  are  crafty  hunters  and  one  of  nature's  most  efficient  predators.  A  giant 
Spider  can  be  even  more  intimidating.  Remember  though,  you  are  a  human, 
and  while  you  may  lack  razor-sharp  pincer  jaws,  you  have  the  superior  intellect. 
Use  a  firm  hand  and  some  cunning,  and  the  Spider  has  no  chance. 


4.  Put  them  to  work. 

So  you've  used  your  superior  intellect  to  vanquish  the  Spider;  why 
not  take  it  one  step  further?  Use  positive  reinforcement  to  train  the 
Spider.  Soon  you'll  have  it  helping  out  around  the  office,  running 
errands,  making  coffee  and  copies,  etc. 


5.  Bug  spray  (a  better  way). 

The  world's  going  green  and  we're  all  for  saving  the  environment,  so  even 
when  faced  with  rampaging,  six-foot  tarantulas,  try  some  earth-friendly  pest 
control  instead.  Mix  one  drop  of  peppermint  or  citronella  oil  to  one  quart 
water,  borrow  the  neighbor's  sprayer,  and  start  pumping  away. 


6.  Turn  their  strength  into  a  weakness. 

Eight  legs  are  essential  for  scurrying  over  sticky  webs.  In  an  office 
setting,  though,  they  can  be  a  liability.  Trip  the  Spider  up  with  cables, 
masking  tape,  or  even  toilet  paper — whatever  you  have  at  hand 
Once  they're  tangled,  push  them  over  and  run  like  heck. 


repelling  spyware,  easier 


1.  Implement  Microsoft  Forefront. 

Forefront™  makes  defending  your  systems  easier.  It's  a  simple-to-use,  integrated 
family  of  client,  server,  and  edge  security  products  (such  as  Forefront  Client 
Security)  that  helps  you  stay  ahead  of  your  security  threats  more  easily  than  ever. 
For  case  studies,  free  trials,  demos,  and  all  the  latest  moves,  visit  easyeasier.com 


it  coming 


ProCurve  ProActive  Defense  allows  you  to  detect,  identify 
and  minimize  threats  before  they  compromise  your  network 


View  our  free  video  at  www.procurve.com/proactive 

Discover  how  ProCurve  Networking  by  HP  can  help  you  handle  today’s 
network  security  needs  and  adapt  to  tomorrow’s  security  challenges. 
For  more  information,  call  (800)  975-7684,  ref.  code  proactive 


ProCurve 

Networking  by  HP 


The  leading  lifetime  warranty  in  the  industry 


For  as  long  as  you  own  the  product,  with  next  business  day  advance  replacement  (available  in  most  countries),  The  following  products  and  their  reJated  family  Modules  have 
a  one  year  warranty  with  extensions  available:  ProCurve  Routing  Switch  9300m  Series.  ProCurve  Switch  8100fl  Senes.  ProCurve  Access  Control  Server  745wl  and  ProCurve 
Network  Access  Controller  800.  For  details,  refer  to  the  ProCurve  Software  License,  Warranty  and  Support  booklet  at  http://wWw.hp.coni/rhd/suppOrt/  warranty/ index.htm 
©  2007;  Hewlett  Packard  Development  Company.  L.R 
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COOLTO0LS 


■  SanDisk's  latest  Cruzer  Professional 
and  Enterprise  USB  flash  drives 
require  a  password  to  be  accessed. 
See  Cool  Tools,  page  24. 
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■CLEAR  GH0IGE  TEST 

WAN  acceleration 


|  ■  App  acceleration  tools 


■  Riverbed  bests  Cisco,  Blue  Coat  and 
Silver  Peak,  but  all  four  products  put  up 
impressive  performance  numbers. 


We  pounded  on  these  application-acceleration 
products  for  seven  months  in  a  massive  test 
bed  that  sent  traffic  from  coast  to  coast. 

Any  of  these  products  will  speed  applications, 
reduce  WAN  bandwidth  and  save  significant 
amounts  of  money,  Page  44 

www.networkworld.com 

Keith  Shaw  goes  inside  the  testing  process 
with  Network  World  Lab  Alliance  member  David 
Newman  in  this  podcast. 

www.nwdocfinder.com/9947 


Three  top  IT  shops  share  real-world  strategies  for 
maximizing  their  data  centers  and  networks 


■  Lucasfilm  renders  big 
performance  boosts  to  built 
new  blockbusters.  Page  32 


■  CME  Globex  shaves 
trading  transaction  times 
razor  thin.  Page  36 


■  Aurora  Health  Care  finds 
relief  in  server  centralization, 
WAN  acceleration.  Page  40 
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Yes,  CPR  worked  37% 

Vote  and  discuss:  www.nwdocfinder.ccm  /9935 


Bridge  fixes  on  the  way 

While  it’s  too  bad  some  of  these  tech¬ 
nologies  weren’t  further  along,  a  host 
of  schools,  from  the  University  of 
Michigan  to  Clarkson  University,  last 
week  touted  wireless  sensor  and 
nanotechnology  work  in  their  labs  that 
they  say  could  someday  prevent  such 
tragedies  as  the  recent  Minneapolis 
bridge  collapse. 


Cisco’s  embarrassing 
little  problem 

The  network  giant’s  Web  site  went 
down  for  a  few  hours  on  Wednesday. 
Cisco  said  the  outage  was  caused  by 
“an  accident  during  maintenance  of  a 
San  Jose  data  center  that  resulted  in 
a  power  outage  in  that  facility.” 


Taking  aim  at 
the  iPhone  ► 

A  doctor  who  is 
headed  to  prison 
for  defrauding 
government 
health  insurance 
programs  claims 
he  patented  the 
touchscreen  key¬ 
board  used  by 
the  iPhone  and  is 
suing  Apple  in 
federal  court. 

The  suit  report¬ 
edly  demands  a 
permanent 
injunction 
against  Apple,  as 
well  as  damages  and  attorney’s  fees. 


P *LL 


A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
iast  week: 


Ever  dropped  a  gadget  in  the  sink  or 
worse? 


.P.  33% 


Momma  raised 
no  fools  30% 


Yes,  R. 


GOODBADUGLY 


PEERSAY 


Editor's  note:  Continue  the  discussions  online. 
Use  the  DocFinder  URL  after  the  writers' names 
to  join  the  discussions  in  which  they  originally 
posted  their  comments. 

700MHz  protocol  issues 

Re:“FCC  spectrum  ruling:  Is  that  all  there  is?” 
(www.nwdocfinder.com/9963) 

Unless  there  is  a  mandate  to  deploy  a  sin¬ 
gle  technology  in  the  700MHz  space,  there 
will  be  a  requirement  for  device  manufac¬ 
turers  to  support  a  number  of  disparate  tech¬ 
nologies;  GSM- [Enhanced  Data  rates  for  GSM 
Evolution] /[Universal  Mobile  Telecommuni¬ 
cations  System] /[Code  Division  Multiple 
Access] /[Evolution  Data  Optimized]  in  one 
device.  What  about  [High-Speed  Downlink 
Packet  Access] /[High-Speed  Uplink  Packet 
Access]  and  [Ultra 
Mobile  Broadband]? 

Don’t  forget  WiMAX 
may  be  a  contender 
as  well. 

So  now  1  have  a  de¬ 
vice  supporting  any 
available  technology: 
at  what  price  and  at 
what  performance? 

Using  your  example 
of  the  iPhone,  Apple  needed  to  add  a  CDMA 
chipset  to  work  on  Verizon’s  network.  Verizon 
and  AT&T  have  different  wireless  protocols. 

The  question  here  is  why  Apple  selected 
GSM  only?  Cost?  Performance? 

If  you  want  “open  architecture,”  then  you 
need  a  single  wireless  protocol  in  the  United 
States  or  devices  that  support  any  technology 

Jeffrey  Stytz 

www.nwdocfinder.com/9964 


speeds  if  there  is  a  802.1  lg  AP  or  network 
device  in  the  network)  so  those  “unbeliev¬ 
able”  numbers  are  no  more. 

Unless  the  university  plans  to  force  the  net¬ 
work  to  operate  at  n-only  the  results  will  be 
less  than  spectacular  once  a  poor  student 
connects  his  802.1  lb  (or  g)  device  to  the  net¬ 
work.  In  the  end  all  it  takes  is  one  person. 

Ivan  B 

www.nwdocfinder.com/9966 


IT  on  the  food  chain 

Re:  “IT:  red  in  tooth  and  claw”  (www.nw 
docfinder.com/9967) 

Where  on  the  IT  food  chain  do  1  fit?  Good 
question,  and  it  depends  on  who  you  ask. 

Ask  the  CIO  or  VP  and  I  am  a  sloth.  The 
CEO  probably  looks 
at  me  as  an  ele¬ 
phant.  Ask  the  pro¬ 
curement  manager, 
and  I  am  a  pig.  My 
employees  believe 
me  to  be  a  weasel  or 
a  bacterium. 

So  how  come  no 
one  sees  me  as  the 
tiger  I  really  am? 

OK,  this  is  embarrassing.  The  QC.  tech  just 
walked  through,  read  this  response,  and  left 
laughing.  She  said  something  that  sounded 
like  “tiger  orTigger?” 

Just  wait  until  I  spring  on  her  in  the  hall,  tear 
out  her  throat,  and  drag  her  into  a  quiet  tree  to 
devour  her. . . .  Where  is  a  Tigger  on  the  food 
chain  anyway? 

Stew 

www.nwdocfinder.com/9968 


MIf  you  want  “open  architec¬ 
ture,”  then  you  need  a  single 
wireless  protocol  in  the 
United  States  or  devices  that 
support  any  technology.55 


It  only  takes  one  bad  apple 

Re:  “802.1  In  wireless  LAN  tests  show  ‘unbe¬ 
lievable’  results  at  state  college”  (www.nw 
docfinder.com/9965) 

What  happens  if  I  put  up  a  rogue  802.11b 
(or  g)  AP  in  the  building  or  connect  my  lap¬ 
top  to  the  802.1  In  network  with  a  b  (or  g) 
network  card? 

It  all  gets  downgraded  to  b-speeds  (or  g- 

►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 

To  get  the  client 
software,  use  your 
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phone  browser  to 


visit  wap.connexto.com 


For  more  information  on  code  scanning 
see  www.nww.com/codescan 


A  knack  for  NAC 

It  is  very  difficult  sometimes  in  the  current 
plethora  of  NAC  vendors  to  really  get  back  to 
the  true  reason  for  NAC:  enforcing  the  orga¬ 
nization’s  security  policy.  I  always  recom¬ 
mend  that  organizations  look  at  how  easily 
enforcement  of  their  specific  security  policy 
can  be  enforced  with  the  proposed  NAC 
solution.  A  good  NAC  solution  can  not  only 
perform  the  normal,  “standard”  host  checks, 
like  Windows  hotfixes,  AV/AS,  but  also  cus¬ 
tom  checks  for  software  like  [a  host-based 
intrusion-prevention  system]  and  encryption 
software,  or  even  check  if  unauthorized  peer- 
to-peer  or  instant-messenging  software  is 
installed  or  running.  It  is  one  thing  to  enforce 
what  the  industry  thinks  NAC  should  check 
for,  but  in  the  real  world  your  NAC  solution 
should  enforce  your  policy  and  everything 
that  encompasses  that  policy! 

Jamie  Sanbower 

www.nwdocfinder.com/9969 
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with  a  new  2-yr.  activation  on  a  $ 59.99  BroadbandAccess  plan 
$49.99  2-yr.  price  minus  $50.00  Mail-In  Rebate  =  Free 
Give  your  employees  the  freedom  to  email, 
download  and  browse  the  Internet  at  even 
faster  speeds  on  our  EV-DO  Rev  A  network. 
Simple.  Secure.  Faster  Than  Ever. 


DRIVE  We'll  pay  for  your  service.  Now  you  can  test  drive  America's  most  reliable  wireless  broadband  network  for  30  days.  If 
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IKTERVIEWS,  THE  COOLEST  TOOLS  AND  MORE 


COOL  TOOLS: 


NEWS  VIDEO: 


PANORAMA  PODCAST: 


WVlOEO 


Buzzed  about  mobile 
video 

Buzzwire  offers 
streamed  video  and 
audio  without  requiring  a 
special  client  on  the 
phone.  Program  Director 
Keith  gets  the  lowdown 
from  Buzzwire  CMO 
John  Kelley. 

www.nwdocfinder.com/9974 


Defcon  nabs  under¬ 
cover  TV  reporter 

Attendees  at  the  Def¬ 
Con  conference  dis¬ 
cover  a  "Dateline  NBC” 
producer  at  the  show 
and  escort  her  from  the 
proceedings. 

www.nwdocfinder.com/9975 


NW 

PANORAMA 


Why  hackers  love 
your  apps 

Jack  Danahy  from 
Ounce  Labs  talks  to 
Multimedia  Editor 
Jason  Meserve  about 
what  can  be  done  to 
shore  up  custom  code 
from  a  hacker  attack. 
www.nwdocfinder.com/9976 


BEST  OF  NW’S 
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Appreciating  your  SysAdmin 

The  MPLS  total  customer  experience;  Women  in  IT 


BLOGOSPHERE 


■  Imagine  being  at  the  Imagine  Cup 

Microsoft  Subnet  blogger  Rand  Morimoto 
has  been  in  Seoul,  South  Korea,  since 
August  3  as  a  judge  of  Microsoft's  presti¬ 
gious  Worldwide  Imagine  Cup. 
Competitors  had  24  hours  to  complete 
unbelievable  tasks,  with  no  sleep.  “Okay, 
well,  we're  well  past  15  hours  into  the 
24-hour  competition  period,  and  the  com¬ 
petitors  are  holding  up  amazingly  well! 
Fortunately  one  of  the  sponsors  of  this 
event  is  Coca-Cola  Korea,  and  the  hotel 
staff  has  been  kind  enough  to  keep 
restocking,"  he  writes.  "I  did  survive  eat¬ 
ing  the  pickle  sandwich  and  green- 
speckled  cookie  enough  to  help  judge  the 
third  milestone  round  at  5  a.m.  here."  Get 
photos,  videos  and  the  inside  story. 
www.nwdocfinder.com/9948 

■  The  bitter  Blue  Pill 

Security  expert  and  Cisco  Subnet  blogger 
Jamey  Heary  asks  how  would  we  know  if  our 
PCs  are  infected  with  the  Blue  Pill  mal¬ 
ware?  "I  found  the  most  interesting,  and 
most  deadly,  topic  to  be  about  virtualized 
malware,  or  stealth  malware.  The  most 
famous  rendition  of  virtualized  malware  is 
the  Blue  Pill  project  by  Joanna  Rutkowska. 
Joanna  has  been  researching  this  for  about 
2  years  now. This  stuff  is  not  theoretical . . . 
The  name  Blue  Pill  (think  ‘The  Matrix' 
movie)  is  no  accident.” 
www.nwdocfinder.com/9949 

■  Get  a  First  Life 

Gibbsblog  blogger  Mike  Baska  wants  the 
mania  around  Second  Life  to  chill.  He 
writes:  "Linden  Labs  developed  Second 
Life  (2L)  as  a  game,  but  it’s  gone  nuts. . . . 
It’s  not  that  long  ago  that  a  2L  worm  was 
able  to  steal  an  avatar’s  resources,  yet 
millions  of  people  are  drawn  into  2L  and 
they  are  spending  real  money  there.  IBM 
has  invested  $1M  (allegedly)  creating  a 
presence  in  2L.  When  does  a  game  stop 
being  a  game?” 
www.nwdocfinder.com/9950 

■  Make  mine  a  million 

Women-owned  businesses  face  more  obsta¬ 
cles  than  your  typical  start-up.  SMB  expert 
James  Gaskin  says  in  the  long  term,  this 
hurts  us  all.  He  writes:  “The  stereotypical 
corporate  boardroom  full  of  middle-aged 
white  guys  still  rings  true  far  too  often.  Hence 
the  continuing  need  for  projects  like  Count 
Me  In  and  the  Make  Mine  a  Million  $  Business 
project  sponsored  by  American  Express 
Open  and  Cisco.  The  simple  premise?  Help 
women-owned  businesses  grow." 
www.nwdocfinder.com/9951 


Network/systems  management:  The  last 
Friday  of  this  past  July  marked  the  8th  Annual 
System  Administrator  Appreciation  Day  —  a 
day  to  recognize  all  the  typically  unnoticed 
efforts  of  systems  administrators,  network 
managers,  database  administrators  and  other 
IT  professionals.  Last  year  a  group  of  industry 
organizations  and  vendors  established  a  con¬ 
test  around  the  appreciation  day  created  by 
Ted  Kekatos,  naming  one  among  5,000  nomi¬ 
nated  IT  professionals  SysAdmin  of  the  Year. 
Winner  Michael  Beck  enjoyed  the  recogni¬ 
tion,  but  the  prize  —  a  trip  to  a  Washington, 
D.C.  LiSA  conference  —  wasn't  really  the 
thrill  of  a  lifetime. The  all-expense-paid  trip 
took  him  just  a  just  a  few  miles  from  his 
Herndon, Va.,  workplace. Yet  Beck  more  than 
appreciated  the  nod;  he  was,  after  all,  nomi¬ 
nated  by  his  boss  and  peers. 
www.nwdocfinder.com/9971 

Wide-area  networking:  With  the  rollout  of 
MPLS  services  well  under  way,  researcher 
Kubernan  is  in  the  middle  of  defining  the 
Total  Customer  Experience  (TCE)  for  MPLS 
customers.The  TCE  is  a  method  of  quantify¬ 
ing  the  overall  importance  of,  and  satisfaction 
with,  a  number  of  components  of  evaluating, 
purchasing  and  operating  an  MPLS  network. 


Although  the  components  of  the  TCE  have 
been  identified,  their  weighting  still  is  being 
researched.  From  a  top-down  approach,  the 
TCE  consists  of  five  key  areas:  current  MPLS 
VPN  experience,  MPLS  VPN  buying  and  evalu¬ 
ation  process,  delivery  and  installation  of  ser¬ 
vices,  support,  and  billing. 
www.nwdocfinder.com/9972 

IT  careers  and  training:  The  feedback  to 
our  ongoing  discussion  about  certification  vs. 
real-life  work  experience  was  very  interesting. 
The  thread  of  the  discussion  is  whether 
employers  now  are  more  likely  to  give  skills 
bonuses  to  pros  with  the  right  experience 
even  though  they  may  not  possess  technical 
certifications.  One  reader  wrote  in  suggesting 
that  certifications  may  help  women  in  partic¬ 
ular  in  their  technical  careers.The  reader's 
e-mail  arrived  just  as  CareerBuilder  and  Kelly 
Services  issued  a  survey  titled  “Diversity  in  the 
Workplace.”  It  found  that  one  in  four  female 
workers  have  experienced  discrimination  or 
unfair  treatment  at  work,  including  not  receiv¬ 
ing  credit  for  one's  work,  not  having  concerns 
addressed  or  taken  seriously  feeling  ideas  or 
input  are  generally  being  ignored,  and  being 
overlooked  for  a  promotion. 
www.nwdocfinder.com/9973 
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What’s  driving  your  success?  For  many  leading  organizations,  it’s  having  a  single  resource  for 
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Active  RFID  market  surging 

The  use  of  battery-powered  wireless  products  in  tagging  and  tracking  applica¬ 
tions  is  rising  sharply,  according  to  a  British  consulting  firm.“Active  RFID”  uses 
almost  any  wireless  technology  —  from  short-range  802.15.4  sensor  radios  to 
Wi-Fi  and  cellular  —  in  tags  that  have  a  battery  or  other  power  source.  The  tags 
attach  to  equipment,  vehicles  and  even  livestock,  and  can  be  used  for  asset  man¬ 
agement  and  location  tracking.  By  contrast,  passive  RFID  tags  rely  on  the  energy 
from  a  wireless  scan  by  a  tag  reader,  usually  just  a  few  feet  away  The  surge  in  inter¬ 
est  in  active  RFID  will  boost  it  from  about  13%  of  the  total  RFID  market  in  2007,  to 
26%  (or  $7  billion)  in  10  years,  according  to  IDTechEx.  Fueling  the  segments 
growth  is  demand  for  real-time  location  systems  for  tracking,  finding  and  moni¬ 
toring  things  and  people,  www.nwdocfinder.com/9981 


RSA  to  buy  data-leak  detection  company 

EMC’s  RSA  group  plans  to  acquire  data-leak 
protection  vendor  Tablus,  whose  software 
called  Content  Sentinel  monitors  computers 
to  catch  when  they  are  used  to  leak  sensitive 
information.  It  is  one  of  a  growing  list  of  prod¬ 
ucts  developed  in  the  past  few  years  to  help 
CIOs  demonstrate  compliance  with  federal 
regulations,  such  as  the  Health  Insurance 
Portability  and  Accountability  Act  and 
Sarbanes-Oxley  Tablus  has  been  offering 
Content  Sentinel  since  early  2004.The  acqui¬ 
sition,  which  is  expected  to  be  completed  by 
year-end,  dovetails  with  RSAs  plans  to  devel¬ 
op  a  full  portfolio  of  products  that  can  be 
used  to  secure  sensitive  corporate  informa¬ 
tion  behind  the  firewall.  Financial  terms  were 
not  disclosed 

www.nwdocfinder.com/9982 

Dell  to  pay  $48.5M  to  ousted  CEO 

Dell  will  pay  former  CEO  Kevin  Rollins  $48.5 
million  for  his  stock  options  six  months  after 
he  resigned  in  the  wake  of  investor  criticism 
about  the  vendor  losing  market  share  to 
rival  HPThe  award  is  far  greater  than 
Rollins’  original  severance  package  of  $5 
million,  to  be  paid  in  installments  through 
April  2008.  Dell  plans  to  make  the  new  pay¬ 
ment  within  45  days  after  filing  a  long-over¬ 
due  annual  report  for  its  2007  fiscal  year,  the 
company  reported  in  a  filing  to  the 
Securities  and  Exchange  Commission. 
However,  it  is  unclear  when  that  will  hap¬ 
pen,  because  Dell  has  already  missed  dead¬ 
lines  for  filing  its  past  three  quarterly  earn¬ 
ings  reports,  called  Form  10-Qs,and  the 
annual  report,  Form  10-K.That  behavior  has 
earned  the  company  a  series  of  warnings 
that  the  Nasdaq  stock  exchange  may  stop 
trading  Dell  securities.The  company  says  it 
cannot  file  the  missing  papers  until  it  com¬ 
pletes  an  internal  audit. 
www.nwdocflnder.com/9983 

Panel  approves  supercomputer  funding 

The  National  Science  Board  has  authorized 
funding  for  two  of  the  world’s  most  powerful 
supercomputers,  one  of  them  capable  of 


petaflop-speed  operations.  The  National 
Science  Board  action  allows  the  National 
Science  Foundation  to  move  forward  with  the 
purchase  of  the  systems,  but  the  NSF  cannot 
confirm  that  IBM  will  win  the  contract  to  build 
the  world’s  fastest  computer  at  the  University 
of  Illinois  at  Urbana-Champaign,  as  was  report¬ 
ed  last  week  in  The  New  York  Times,  said  Leslie 
Fink,  an  NSF  spokeswoman. The  Times  report¬ 
ed  that  documents  inadvertently  published  on 
NSF’s  Web  site  identified  IBM  as  the  leading 
candidate  to  build  a  supercomputer  called 
Blue  Waters,  which  would  be  about  500  times 
more  powerful  than  most  current  supercom¬ 
puters.  Blue  Waters  is  expected  to  go  live  in 
2011,  and  the  National  Science  Board’s  deci¬ 
sion  last  week  approves  funding  of  $208  mil¬ 
lion  over  four  and  a  half  years. 
www.nwdocfinder.com/9984 

Cisco  beats  Q4  earnings  expectations 

Cisco  surpassed  analyst  expectations  again 
last  week  when  it  posted  fourth-quarter  earn¬ 
ings  of  $2.3  billion  on  sales  of  $9.4  billion. 
The  results  exceeded  analyst  estimates  of 
$9.29  billion  in  revenue  and  earnings  of  $2.24 
billion,  according  to  Thomson  Financial. 
Revenue  increased  18%  over  last  year’s  fourth 
quarter,  and  earnings  for  the  same  period 
were  up  21. 2%.  Scientific-Atlanta,  acquired  in 
February  2006,  contributed  $2.8  billion  to  net 
sales  for  fiscal  2007,  compared  with  $989  mil¬ 
lion  for  fiscal  2006. 
www.nwdocfinder.com/9986 

Fujitsu  links  biometrics  with  eDirectory 

Fujitsu  last  week  introduced  a  fingerprint 
reader  and  a  biometric  logon  kit  that  inte¬ 
grates  with  Novell’s  eDirectory  and  is 
designed  to  tighten  user-access  control. The 
biometric  logon  is  designed  to  replace  smart 
cards,  tokens,  and  user  name  and  password 
as  authentication  methods  for  users.The  bio¬ 
metric  device  is  supported  on  Novell’s 
eDirectory  running  on  Linux,  NetWare  and 
Windows.  Fujitsu  will  deliver  the  fingerprint 
reader,  which  connects  to  a  desktop  or  lap¬ 
top  via  a  USB  port. 
www.nwdocfinder.com/9987 
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AT&T:  We  didn’t  censor  Pearl  Jam. 

Rock  band  Pearl  Jam  is  crying  foul  after 
an  AT &T  Webcast  censored  politically 
themed  lyrics  by  lead  singer  Eddie 
Vedder,  but  AT&T  said  Thursday  the 
editing  was  a  mistake  by  a  contractor. 
Pearl  Jam's  Sunday  Lollapalooza  per¬ 
formance  was  carried  on  AT&T's  Blue 
Room  site,  which  provides  free  videos  of 
concert  performances,  sporting  events 
and  other  content.  Pearl  Jam  called  for 
the  U.S.  government  to  pass  'Net  neu¬ 
trality  rules  prohibiting  broadband 
providers  from  blocking  or  slowing  Web 
content  that  uses  their  pipes. 
www.nwdocfmder.com/9988 

Google  deletes  own  blog 

Readers  of  Google's  Custom  Search 
Blog  were  handed  a  surprise  last  week 
when  the  Web  site  was  temporarily 
removed  from  the  blogosphere  and 
hijacked  by  someone  unaffiliated  with 
the  company. The  problem?  Google  had 
mistakenly  identified  its  own  blog  as  a 
spammer’s  site  and  handed  it  over  to 
another  person. The  change  was  noticed 
by  the  Google  Blogoscoped  Web  site, 
which  discovered  that  posts  on  the 
Custom  Search  Blog  had  been  deleted 
and  replaced  by  a  strange  comment  from 
someone  identifying  himself  as  Srikanth. 
www.nwdocfinder.com/9979 

Vonage  nearly  done  with  work¬ 
arounds.  As  part  of  the  cleanup  after 
being  sued  successfully  by  Verizon, 
Vonage  Holdings  has  “substantially 
completed"  the  deployment  of 
workarounds  for  two  of  three  VoIP 
patents  claimed  by  Verizon,  Vonage 
announced  last  week.  Vonage,  the 
largest  independent  VoIP  provider, 
began  deploying  the  two  workarounds 
about  July  1,  Chairman  and  Interim 
CEO  Jeffrey  Citron  said  during  a  con¬ 
ference  call  on  the  company’s  second - 
quarter  fiscal  2007  earnings.  Vonage  has 
completed  development  on  the  third 
workaround,  Citron  added. The  company 
consulted  outside  experts  to  make  sure 
the  workarounds  do  not  violate 
Verizon’s  patents,  he  said.  Verizon  sued 
Vonage  in  June  2006,  accusing  the 
smaller  company  of  infringing  seven  of 
its  patents.  In  March,  a  federal  jury 
found  that  Vonage  had  infringed  three 
Verizon  patents  and  awarded  Verizon 
$58  million.  Vonage  has  filed  an  appeal. 
www.nwdocfinder.com/9980 
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Make  Your  Connections 


With  Linksys  VPN  Routers  workers  and  companies  take  off 


Create  secure  end-to-end  VPN  (Virtual  Private  Network)  tunnels  over  the  Internet  so 
your  remote  offices  or  traveling  workers  can  access  confidential  company  files  or 
communicate  on  the  fly,  wherever  they  are  or  wherever  they  land. 


To  learn  more  about  Linksys  Connected  Office  visit  www.linksys.com/connectedoffice 
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Wireless-N  Gigabit  Security  Router  with  VPN 
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NEWS  ANALYSIS 


Is  IPv6  ready  for  the  office? 


BY  CAROLYN  DUFFY  MARSAN 

Network  engineers  completed  their  first- 
ever  test  of  common  enterprise  applications 
over  the  world’s  largest  IPv6  network  this 
summer, and  the  results  announced  last  week 
were  mixed. 

Experts  were  able  to  get  basic  office  func¬ 
tions  —  file  sharing,  printing  and  Web  design, 
for  example  —  working  with  IPv6,  but  it  wasn’t 
easy  As  for  e-mail,  well,  that  hasn’t  even  been 
tested  yet. 

The  13  companies  involved  in  the  testing, 
including  Microsoft,  HP  and  Adobe,  discov¬ 
ered  that  making  the  transition  to  IPv6  will 
require  a  significant  amount  of  training  and 
time  for  IT  staffs. 

“We  found  that  setting  up  office  applications, 
especially  if  you  had  zero  IPv6  knowledge,  you 
would  have  a  hard  time  learning  how  to  set  up 
these  servers,”  says  Erica  Johnson,  senior  man¬ 
ager  of  software  applications  at  the  University 
of  New  Hampshire’s  Interoperability  Lab 
(UNH-IOL),  which  oversaw  the  IPv6  tests. 

“There’s  going  to  be  a  knowledge  gap  for  net¬ 
work  administrators  and  IPv6  developers,” 
Johnson  says.  “They  are  going  to  have  a  hard 
time  setting  up  simple  servers  for  IPv6  net¬ 
works.  I  definitely  see  an  HR  challenge  for  set¬ 
ting  up  these  office  networks.” 

Testers  also  discovered  major  gaps  in  the 
availability  of  IPv6-ready  applications,  particu¬ 
larly  e-mail. 

“What  really  needs  to  be  tested  still  is  e-mail,” 
Johnson  says. “Everyone  needs  e-mail,  and  we 
have  not  seen  anything  tested  on  [the  multi¬ 
vendor  Moonv6  test  bed]  yet.  That  doesn’t 
mean  there  aren’t  e-mail  implementations  for 
IPv6,  but  that  means  they  aren’t  being  out¬ 
wardly  tested  yet.This  is  a  major  gap  for  offices 
to  be  able  to  complete  transition  to  IPv6.” 

UNH-IOL  officials  also  haven’t  seen  any  pro¬ 
prietary  applications  run  over  Moonv6  yet. 

“CRM,  billing,  inventory  databases  —  all  of 
these  applications  are  going  to  have  to  be  veri¬ 
fied  that  they  will  work  over  the  new  Internet" 
Johnson  says.  “We  also  tried  to  get  an  IP 
Multimedia  Subsystem  architecture  to  test 


voice,  video  and  data  over  IPv6,  but  we  are  not 
seeing  that  yet.  That’s  another  gap  for  IPv6  in 
moving  forward.” 

IPv6  is  a  long-anticipated  upgrade  to  the 
Internet’s  primary  communications  protocol, 
known  as  IPv4.  IPv6  has  a  virtually  limitless 
number  of  IP  addresses,  as  well  as  built-in 
security  On  the  other  hand,  IPv4  supports 
about  4.3  billion  addresses,  which  soon  will 
be  exhausted. When  all  the  IPv4  addresses  are 
handed  out,  ISPs  and  enterprises  will  need  to 
support  IPv6  on  their  networks. 

The  recent  round  of  IPv6  tests  was  con¬ 
ducted  across  the  Moonv6  backbone,  which  is 
the  largest  permanently  deployed  multivendor 
IPv6  network  in  the  world.  Managed  by  UNH- 
IOL,  Moonv6  runs  from  New  Hampshire  to 
California,  with  links  to  Europe  and  Asia.  The 
goal  of  the  recent  Moonv6  tests  was  to  see  how 
well  common  office  applications,  including 
Microsoft  Vista,  Microsoft  Longhorn  and  Adobe 
Dreamweaver,  would  perform  with  IPv6. 

“We’ve  done  a  lot  of  testing  in  the  past  regard¬ 
ing  IPv6  routing  protocols,  infrastructure  and 
the  plumbing  itself,  but  we  didn’t  know  if  it  was 
going  to  work  back  home  in  the  office,” 
Johnson  says.  “We  wanted  to  know  if  we  were 
going  to  be  able  to  create  files,  share  files  and 
print  files  in  IPv6.  We  also  wanted  to  test  Web- 
development  tools,  because  every  business 
needs  to  be  able  to  create  a  Web  site.” 

The  network  engineers  conducted  their  tests 
in  IPv4/IPv6  dual-stack  and  IPv6-only  modes. 

“The  common  office  applications  were  suc¬ 
cessful,”  Johnson  says.  “We  transferred  files.  We 
used  DNS  and  DHCPv6,as  well  as  printing.  We 
saw  that  some  really  important  office  applica¬ 
tions  are  working  today  using  IPv6.” 

Johnson  admits,  however,  that  it  was  difficult 
to  get  those  applications  to  work,  especially  for 
the  companies  involved  in  the  Moonv6  testing. 

“Our  UNH-IOL  customers  are  having  a  hard 
time  setting  up  these  office  applications  in 
their  labs,”  Johnson  says.  “It’s  quite  difficult  for 
them,  finding  what  supports  IPv6.  .  .  .  That’s 
going  to  be  the  system  administrator’s  real 
challenge:  finding  out  what  works  with  what.” 


One  feature  of  IPv6  that  excited  testers  is  Site 
Multihoming  by  IPv6  Intermediation,  known  as 
SHIM6.This  protocol  makes  it  easier  for  enter¬ 
prises  to  use  more  than  one  carrier  to  increase 
the  reliability  of  their  Internet  connections  in  a 
technique  known  as  multihoming.  SHIM6  pro¬ 
vides  a  more  efficient  method  of  multihoming 
than  with  IPv4. 

UNH-IOL  officials  hope  next  to  test  e-mail 
implementations  of  IPv6  applications  on 
Moonv6,  but  no  date  has  been  set  for  these 
tests. 

“E-mail  testing  is  our  biggest  target,”  Johnson 
says.  “We’d  also  like  to  test  instant  messaging 
and  videoconferencing  tools.lt  would  be  great 
to  stream  video.”  ■ 


InBrief 


Microsoft  plans  to  release 
security  patches  Tuesday 

Microsoft  plans  to  release  nine  sets  of 
security  patches  next  week,  including  six 
critical  updates  for  Windows,  Office, 

Internet  Explorer  and  its  Visual  Basic  devel¬ 
opment  software.The  updates  will  come  as 
part  of  Microsoft’s  regular  monthly  security- 
patch  process,  and  will  be  made  available  to 
customers  lateTuesday  morning,  Pacific 
time.  Less-serious  updates  are  also  being 
readied  for  Windows,  Windows  Vista,  and 
Microsoft's  Virtual  PC  and  Virtual  Server 
software,  Microsoft  said.  With  nine  sets  of 
patches,  August  will  be  a  busy  month  for 
system  administrators.  Microsoft  released 
just  six  updates  in  July,  and  has  averaged 
around  seven  updates  per  month  this  year. 

Symantec  patches  critical 
flaw  in  Norton  Antivirus 

A  bug  in  the  way  Norton  Antivirus  soft¬ 
ware  uses  the  ActiveX  programming  lan¬ 
guage  could  cause  serious  problems  for 
users  of  Symantec's  products.  Last  week, 
Symantec  patched  the  flaw  warning  that  a 
bug  in  two  ActiveX  controls  used  by 
Symantec’s  client  software  could  let  an 
attacker  run  unauthorized  software  on  a 
victim’s  computer.  Security  vendor  Secunia 
rates  the  problem  as  “highly  critical.”The 
flaw  is  an  “input  validation”  error,  meaning 
that  Norton  doesn’t  properly  check  the 
data  it’s  receiving  to  ensure  that  it  can’t  be 
mistaken  for  malicious  commands. 
Symantec  advises  these  users  to  run  the 
program’s  LiveUpdate  feature  as  soon  as 
possible  to  download  the  patch. 


Under  the  gun  in  IPv6  tests 

Among  the  capabilities  tested  successfully,  if  not  easily,  were: 

•  Network  file  sharing  and  transfer  with  Unix  operating  systems  from  Sun,  HP,  Berkeley 
Software  Distribution  and  Linux. 

•  Printing  with  printers  from  HP,  Xerox  and  Konica-Minolta,  including  printing  PostScript 
over  such  security  mechanisms  as  IPSec  and  Internet  Key  Exchange. 

•  Web  design  using  Adobe  Dreamweaver  with  Microsoft  Vista  and  Longhorn  servers 
and  the  Apple  Mac  operating  system. 

•  Microsoft  MeetingSpace  collaboration  tools. 

•  DNS  and  Dynamic  Host  Configuration  Protocol  (DHCPv6)  servers. 
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»  Securing  dynamic  networks  can  be  a  nightmare,  squared.  But  Juniper  Networks  protects 
your  resources  and  applications  and  improves  productivity  by  securing  and  controlling 
access  to  your  network. 

As  the  recognized  SSL  VPN  market  share  leader,  we  know  remote  access  and  how  to 
secure  it.  And  now  with  Juniper’s  innovative  Unified  Access  Control  solution,  we  deliver 
visibility  into  your  users’  identities,  locations,  endpoint  security  —  everything  —  regard¬ 
less  of  where  —  local  or  remote  —  how,  or  even  which  users  attempt  to  access  your 
network.  So  enforce  policy  as  lenient  or  strict  as  you  choose,  control  traffic,  identify  and 
contain  noncompliant  users,  and  eliminate  and  mitigate  malware  and  other  threats.  In 
short,  be  confident  in  controlling  and  securing  access  across  your  entire  network.  Only 
Juniper  makes  any  network  more  secure:  www.juniper.net/controllingaccess 
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N.Y.  college  tests  first  11n  WLAN 


Testing  out  802.1  In 

Morrisville  State  College's  test  results  comparing  Meru  Networks’  802.11n 
wireless  LAN  gear  with  802.11g  equipment. 


Description  of  test 

File  size 

Client  with 
802.11g  USB 

Client  with 
2.4GHz 
802.11n  USB 

Client  with 
5GHz 

802.11 n 
internal 

Windows  file  upload 
from  laptop  to  network 
share 

50  MB 

3  min.  51  sec. 

26  sec. 

8  sec. 

Windows  file  download 
from  network  share  to 
laptop 

50  MB 

1  min.  28  sec. 

21  sec. 

8  sec. 

Web  file  upload  from  a 
laptop  to  server 

20  MB 

10  min. 

2  min.  18  sec. 

2  min.  36  sec. 

Web  file  download  from 
a  server  to  laptop 

20  MB 

20  sec. 

8  sec. 

6  sec. 

Ruckus*  double  album 
music  download  from 
local  server  to  laptop 

164  MB 
(33  tracks) 

2  min.  59  sec. 

1  min.  37  sec. 

1  min.  15  sec. 

*  a  legal  music-download  service  offered  at  Morrisville 


BY  JOHN  COX 

The  IT  staff  at  Morrisville  State  College,  where 
the  first  large-scale  Draft  802.1  In  wireless  LAN 
is  being  designed,  says  the  beta  gear  exceeds 
expectations.The  school  last  week  plugged  in 
the  first  10  production  units  of  Meru  Networks 
access  points. 

One  issue  still  facing  the  college,  however, 
is  when  and  how  to  upgrade  the  electrical 
system  for  the  high-throughput  devices,  900 
of  which  will  eventually  be  deployed  across 
campus. 

To  run  1 1  n  simultaneously  on  both  of  its 
radios  with  40MHz  channels,  the  Meru 
AP320  needs  30  watts  of  power,  or  double 
that  supplied  by  Power-over-Ethernet  (PoE) 
products  based  on  the  older  802. 3af  stan¬ 
dard.  Power  injectors  and  other  gear  based 
on  the  30-watt  802. 3at  PoE  standard  are  not 
available  commercially,  though  evaluation 
units  can  be  tested. 

Meru  says  its  new  AP320  can  work  using  15 
watts,  and  the  college  plans  to  run  them  at  that 
wattage  using  20MHz  channels  with  802.3af 
power  injectors.  But  there  are  some  trade-offs. 
The  lln  standard  specifies  the  use  of  two  to 
four  antennas,  which  are  used  in  a  technique 
called  multiple  input  multiple  output  (MIMO) 
to  break  down  a  data  stream  into  slower  sub¬ 
streams,  each  one  assigned  to  a  different  an¬ 
tenna.  At  the  receiving  end, MIMO  antennas  pull 
the  streams  together  into  one.  With  15  watts,  the 
AP320  will  use  two  instead  of  all  three  of  its 
antennas  in  sending  and  receiving,  or  a  2x2 
instead  of  a  3x3  configuration  in  1  In  jargon. 

Users  should  still  see  a  300Mbps  data  rate, 
with  roughly  150Mbps  in  throughput,  says 
Keyur  Shah,  senior  product  manager  for 
Meru.  So  why  bother  with  three  antennas? 
“In  MIMO,  the  more  streams  you  have,  the 
more  reliable  the  [overall]  stream  be¬ 
comes,”  Shah  says.“The  signal  quality  is  bet¬ 
ter,  and  the  overall  guarantee  that  the  signal 
will  reach  its  destination  is  higher.” 

Morrisville  plans  to  move  to  new  802. 3at 
power  systems  once  these  become  available. 

Tests  exceed  expectations 

The  college  IT  staff  has  been  testing  the 


Wireless  buyer’s  guide 

From  wireless  adapters  to  WiMAX 
repeaters,  we've  got  detailed  informa¬ 
tion  on  hundreds  of  products  that  will 
quickly  help  you  pinpoint  the  hardware 
or  software  you're  looking  for. 

www.nwdocfinder.com/1047 


Meru  AP320  access  points  with  a  beta  version 
of  the  Meru  code  (see  graphic)  using  two 
antennas  in  sending  and  receiving,  and 
20MHz  channels.  The  802.11  standard  offers 
the  option  of  combining  two  such  channels  to 
create  larger  but  fewer  40MHz  channels  for 
optimal  throughput. 

“Some  of  the  statistics  [from  the  tests]  were 
just  unbelievable,”  says  Jean  Boland,  vice 
president  of  technology  services  for  the  col¬ 
lege,  in  Morrisville,  N.Y  A  50MB  file  uploaded 
from  a  laptop  to  a  network  drive  took  three 
minutes  and  51  seconds  using  an  llg  con¬ 
nection,  but  only  26  seconds  with  lln, nearly 
nine  times  faster. 

With  1  In, users  can  expect  to  see  throughput 
of  100M  to  300Mbps,  depending  on  how  the 
access  point  and  client  adapter  are  config¬ 
ured.  That  compares  with  20M  to  25Mbps 
today  for  11a  and  llg  WLANs.  In  addition, 
users  can  expect  to  see  high  throughput  sus¬ 
tained  over  longer  distances  from  1  In  access 
points.  In  tests  that  began  in  June,  Morrisville 
network  administrators  are  finding  that  lln  is 
delivering  on  its  promise. 

The  clients  in  the  tests  are  existing  laptops 
fitted  with  2.4GHz  lln  USB  adapters  from 
Linksys  and  new  Lenovo  T61  Thinkpad 
notebook  PCs  with  built-in  Atheros  lln 
chipsets  that  can  run  on  both  2.4GHz  and 
5GHz  frequencies. 

Morrisville  network  administrator  Matt  Bar¬ 
ber  runs  the  test  in  dorms,  student  rooms, 
and  near  active  areas  where  other  access 


points  and  equipment  operate.  His  team  sets 
up  the  access  point  and  clients  and  each 
time  runs  through  an  identical  set  of  data 
transfers,  using  different  kinds  of  files,  at 
specified  distances  from  the  access  point,  so 
the  results  can  be  compared. 

Equipping,  managing  clients 

Morrisville  plans  to  equip  as  many  legacy 
clients  as  possible  with  lln  adapters,  both 
in  the  2.4GHz  and  5GHz  bands.  If  legacy 
wireless  clients, such  as  lib  or  llg, connect 
to  the  lln  access  point,  it  can  slow  down 
performance  for  lln  clients.  But  Meru’s 
Shaw  says  that’s  not  as  big  a  problem  with 
Meru’s  architecture.  Unlike  nearly  all  rivals, 
Meru’s  controller  manages  the  client  associ¬ 
ation:  essentially  the  Meru  code  can  give 
each  client  a  preset  amount  of  time  to  trans¬ 
mit  rather  than  letting  them  randomly 
access  the  radio  channel,  he  says. 

The  result  is  that  legacy  clients,  even  close  to 
the  lln  access  point, won’t  be  able  to  hog  it; 
and  an  1  In  client, transmitting  much  faster, will 
be  able  to  pump  through  much  more  data  dur¬ 
ing  its  time  window. 

The  college  IT  group  is  searching  for  5GHz 
lln  adapters  to  test  with  the  access  points. 

Ranges  and  rates 

As  with  llabg,  the  lln  connection  speed 
drops  as  distance  to  the  access  point  increas¬ 
es,  but  not  as  much.  “We’re  losing  a  lot  less  of 

See  Morrisville,  page  16 
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Servers, 
Applications, 
Floor  space. 
Man-hours, 
Power, 
Storage... 

Introducing  the  revolutionary  enterprise  architecture 
that  finally  pays  you  back. 

Legacy  systems  work  fine  for  brute-force  cooling  the  entire  room,  but  skyrocketing 
energy  costs  make  them  fiscally  irresponsible  and  their  fundamentally  oversized 
design  makes  them  incapable  of  meeting  today's  high-density  challenges. 

Even  worse,  power  and  cooling  waste  may  actually  prevent  you  from  purchasing 
much-needed  new  IT  equipment.  Simple  problem,  simple  solution.  Cut  your  power 
and  cooling  costs  and  use  the  savings  to  buy  the  IT  equipment  you  need. 

According  to  Gartner  Research,  50%  of  all  data  centers  built  before  2002  will 
be  obsolete  by  2008  because  of  insufficient  power  and  cooling  capabilities. 

Power  and/or  cooling  issues  are  now  the  single  largest  problem  facing  data 
center  managers. 

There's  only  so  much  power  and  money  to  go  around 

Your  service  panel  limits  the  amount  of  power  available.  Your  budget  limits  the 
amount  of  money.  You  have  to  stretch  every  bit  of  both  as  far  as  you  can. 

Schneider  What  you  need  is  the  APC-MGE  Efficient  Enterprise™. 

Electric 

The  APC-MGE  solution  offers  modular  scalability  so  that  you  pay  only  for  what  you 
use;  capacity  management  so  that  you  know  where  to  put  your  next  server;  and 
dedicated  in-row  and  heat-containment  systems  that  improve  cooling  and  thermal 
predictability.  An  Efficient  Enterprise  earns  you  money  through  the  pre-planned 
elimination  of  waste.  For  example,  simply  by  switching  from  room-  to  row-oriented 
cooling,  you  will  save,  on  average,  35%  of  your  electrical  costs. 

Our  system  reimburses  you 

Whether  you're  building  a  new  data  center  or  analyzing  the  efficiency  of  existing 
systems,  your  first  step  is  knowing  where  you  stand.  Take  the  online  Enterprise 
Efficiency  Audit  to  see  how  you  can  reap  the  benefits  of  a  smart,  integrated, 
efficient  system:  more  power,  more  control,  more  profits. 

How  efficient  is  your  enterprise  system?  See  exactly  where  you  stand 
— take  our  online  Enterprise  Efficiency  Audit  today! 

Visitwww.apc.com/promo  Key  Code  x419x  •  Cali  888.289.APCC  x9166  •  Fax  401.788.2797 


The  Efficient  Enterprise “  makes  cooling  predictable  and  reduces 
operational  expenses  by... 

(J)  Employing  close-coupled  cooling.  Our  innovative 
^  Mow "  architecture  allows  a  more  efficient,  targeted 
cooling  by  shortening  the  distance  between  heat  generation 
and  heat  removal. 

-  Containing  the  heat  Our  Hot  Aisle  Containment  System 
(D  reduces  hot  spots  by  preventing  hot  exhaust  air  from  mixing 
with  cool  air  in  the  room. 

Managing  capacity.  Intelligent,  integrated  capacity 
(3)  management  software  gives  you  real-time  data  on  your 
power  and  cooling  demands. 

Utilizing  right-sized  components.  Flight-sized  ‘pay  as 

@you  grow"  components  mean  no  more  wasting  power  with 
oversized  legacy  systems. 


Legendary  Reliability® 
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Fibre  Channel  is  speeding  up 

But  customers  aren’t  rushing  as  8Gbps  products  debut 


BY  DENI  CONNOR 

With  Emulex  and  QLogic  last  week  airing 
plans  for  8Gbps  Fibre  Channel  products, 
storage-area  networks  are  about  to  get  faster. 
But  customers  we  interviewed  don’t  sound 
too  desperate  for  a  speed  boost  over  the  2G 
and  4Gbps  Fibre  Channel  products  they 
now  use. 

“While  some  very  I/O-intensive  supercom¬ 
puting  needs  for  8Gbps  Fibre  Channel  exist, 
most  users’  SAN  performance  is  not  eclips¬ 
ing  the  2Gbps  Fibre  Channel  they  already 
own,”  says  Michael  Passe,  storage  architect 
for  Beth  Israel  Deaconess  Medical  Center  in 
Boston.  “Users  are  only  moving  to  4Gbps 
Fibre  Channel  because  manufacturers  are 
moving  in  that  direction.  The  logical  place 
for  8Gbps  Fibre  Channel  is  in  the  host  virtu¬ 
alization  space,  where  you  have  several  vir¬ 
tual  hosts  vying  for  the  same  physical  host 
bus  adapter.” 

Barry  Strasnick,  CIO  for  CitiStreet  in  North 
Quincy,  Mass.,  says  his  organization  has 
never  come  close  to  hitting  constraints  with 
2Gbps  Fibre  Channel  for  financial-services 
processing  for  the  12  million  participants  it 
serves. 

“I  know  it  may  sound  boring,  but  realisti¬ 
cally  the  major  I/O  constraint  for  us  is  still 
‘old-fashioned’  disk  spindle  speed,  which  is 
handled  by  intelligently  spreading  the  load 
over  more  spindles,”  says  Strasnick,  who  uses 
QLogic  host  bus  adapters  and  Brocade 
switches  in  his  SAN. 

The  new  8Gbps  host  bus  adapters  and 
switches,  which  will  be  available  next  year, 
will  likely  be  used  initially  to  link  Fibre 
Channel  segments,  enabling  consolidation 
between  storage  devices  and  for  such  appli¬ 
cations  as  backup  and  video  postproduc¬ 
tion  that  require  higher  performance.  They 
could  be  used  “to  aggregate  and  allow  more 
servers  to  attach  to  a  given  number  of  stor¬ 
age  ports,  to  support  virtual  servers  that  may 
have  aggregated  performance  needs  and  for 
interswitch  links  where  4Gbps  Fibre  Chan¬ 
nel  is  not  cutting  it  yet  today”  says  Greg 
Schulz,  senior  analyst  with  StoragelO. 

But  at  least  some  customers  say  that  when 
they  do  replace  their  2G  or  4Gbps  Fibre 
Channel  infrastructures,  they  will  likely  do 
so  with  technologies  such  as  iSCSI  and 
lOGbps  Ethernet. 

“I  have  no  plans  to  go  to  8Gbps  Fibre 
Channel  for  the  next  three  years,”  says  Ken 
Walters,  senior  director  of  enterprise  plat¬ 
forms  at  the  Public  Broadcasting  System  in 
Alexandria, Va.  Walters  uses  4Gbps  port  mod¬ 
ules  in  his  McData  Intrepid  director-level 
switch  to  connect  to  4Gbps  McData  or 
Brocade  edge  switches. 


STORAGE  NETWORK 
NUMBERS 

Fibre  Channel  switch  revenues  are 
expected  to  exceed  $2  billion  by 
2008,  and  the  majority  of  switch 
and  host  bus  adapter  sales  will 
remain  at  4Gbps  beyond  2010, 
according  to  the  Dell'Oro  Group. 


“When  1  replace  this  SAN,  I  will  definitely 
look  to  iSCSI  on  lOGbps  Ethernet  and  hope¬ 
fully  copper  Fibre  Channel  cabling  instead 
of  fiber  optic,”  Walters  says.  “If  for  some  rea¬ 
son  that  is  not  workable,  but  8Gbps  Fibre 
Channel  is,  then  I  would  probably  go  with 
that.” 

Beth  Israel’s  Passe  does  not  have  plans  for 
8Gbps  Fibre  Channel  either. 

“We  are  still  only  using  4Gbps  for  connec¬ 
tions  to  our  newer  arrays,”  Passe  says.  “We 
probably  will  start  to  deploy  iSCSI  to  support 
some  specific  applications  and  help  with 
our  disaster-recovery  plans  in  the  coming 
two  years.  It  would  seem  that  the  future  of 
iSCSI  with  lOGbps  Ethernet  is  bright, 
although  we  don’t  have  lOGbps  Ethernet 
infrastructure  in  place  here  just  yet;  it  will 
become  more  affordable  and  show  up  in 
the  correct  time  frame.” 


Morrisville 

continued  from  page  14 

the  speed  as  we  move  further  away,  compared 
to  the  effect  we  see  in  1  lg,”  Barber  says. 

And  the  1  In  data  rate  decreases  in  much 
smaller  increments.The  802.11  standard  speci¬ 
fies  that  data  rates  decrease  by  set  amounts  at 
certain  distances,  like  steps. ‘Tin  has  similar 
behavior,  but  it  has  many  more  steps,”  Barber 
says.  When  clients  are  very  close  to  the  access 
point,  the  testers  routinely  record  280M  to 
300Mbps.  Moving  farther  away  in  stages  causes 
the  rate  to  drop  to  the  240M  to  279Mbps  range. 
“In  some  places,  this  is  faster  than  if  I  plugged 
into  the  wall  [Ethernet  jack]  ”  Barber  says. 

For  Morrisville,  raw  distance  is  less  impor¬ 
tant  than  penetration:  how  well  1  In  can  get 
through  the  cinder  block  and  steel  that  are 
found  in  many  of  the  campus’  45-odd  build¬ 
ings.  Again,  1 1  n  is  paying  off.  “We’re  seeing 
this  [penetration]  more  than  we  expected,” 
Barber  says. 


Emulex,  QLogic  plans 

Nevertheless,  Emulex  will  introduce  8Gpbs 
PCI  Express-based  host  bus  adapters  and  an 
embedded  I/O  controller  that  offer  security, 
data  integrity  and  virtualization  features. The 
company’s  LPe  12000  host  bus  adapters, 
which  reside  on  server  blades,  and  its 
Embedded  I/O  Controller,  which  is  built  into 
storage  arrays,  are  expected  to  be  delivered 
to  original  storage  manufacturers,  such  as 
EMC,  IBM  and  HP  by  the  end  of  September. 
The  company’s  8Gbps  products  support  stor¬ 
age  authentication  across  the  SAN  using  the 
Fibre  Channel  Security  Protocol  and 
Emulex’s  BlockGuard  technology  that 
checks  data  integrity. 

For  its  part,  QLogic  has  started  testing  its 
8Gbps  SANbox  Fibre  Channel  switches,  PCI 
Express-based  SANblade  host  bus  adapters 
and  iSCSI-to-8Gbps  Fibre  Channel  router.  It 
expects  to  deliver  samples  to  original  storage 
manufacturers  by  the  end  of  September. 

Brocade,  which  just  introduced  host  bus 
adapters  in  May,  is  expected  to  ship  8Gbps 
Fibre  Channel  HBAs  and  lOGbps  Ethernet 
adapters  next  year.  It  is  not  known  whether 
they  are  currently  sampling  8Gbit  technolo¬ 
gy.  Cisco  did  not  respond  by  press  time  to  our 
requests  for  its  8Gbps  plans. 

All  vendors’  adapters  will  be  backward- 
compatible  with  2G  and  4Gbps  Fibre 
Channel. 

Emulex  and  QLogic  product  families  are 
expected  to  ship  to  customers  by  the  first 
half  of  2008  at  a  10%  to  20%  premium  over 
existing  4Gbps  products.  ■ 


The  greater  rate  at  greater  distance  means 
that  Morrisville  may  be  able  to  deploy 
somewhat  fewer  lln  access  points  when 
the  network  is  fully  converted  to  lln  later 
this  fall. 

But  the  main  benefit,  Boland  says,  is  that 
the  dense  packing  of  1  In  access  points  and 
the  greater  reach  of  lln  clients  means  that 
users  will  be  more  likely  to  find  and  keep 
high-throughput  connections. 

Installing  the  lln  network  is  a  two-step 
process  for  Morrisville.  The  college  already 
has  deployed  hundreds  of  Meru’s  802.1  labg 
access  points  as  part  of  its  plan  to  replace 
an  obsolete  campus  net.  College  officials 
wanted  to  have  the  upgrade  ready  when  stu¬ 
dents  start  to  arrive  for  the  new  year  later 
this  month. 

Those  access  points  eventually  will  be 
replaced  by  the  lln  devices  as  Meru’s  ship¬ 
ments  ramp  up. The  new  access  points  have 
an  Atheros  two-radio  chipset  that  can  sup¬ 
port  all  four  of  the  WLAN  standards.  ■ 
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NEWS  ANALYSIS 


Server  software  growth 

The  installed  base  of  Linux  is  on  the  rise,  but  Windows  is  proving  to  be 
no  slouch  in  the  face  of  competition. 


Server 

operating  system 

2004 

2006 

Percentage  increase 

Windows 

14  million 

18.8  million 

28.5% 

Linux 

2.9  million 

3.8  million 

31% 

SOURCE:  IDC 


Linuxworld 

continued  from  page  1 

corporate  users  are  excited  by  the  possibili¬ 
ties. 

“Even  three  years  ago,  Linux  was  not  even 
near  the  data  center,  and  today  it  is  under  mis¬ 
sion-critical  applications  and  we  are  just  on  the 
front  end  of  that  adoption,”  says  Matt  Asay  vice 
president  of  business  development  for  Alfresco 
Software,  which  develops  open  source  enter¬ 
prise  content-management  software.  “There  is 
still  the  perception  that  if  you  want  heavy-duty 
you  go  Solaris  or  other  Unix  variants, but  1  think 
that  is  changing  to  Linux,  and  to  Windows.” 

Other  open  source  technologies  are  finding 
footholds  in  hot  markets,  namely  virtualiza¬ 
tion  for  the  data  center  and  mobile  devices. 
IDC  forecasts  that  Linux  will  capture  36%  of 
the  virtual-machine  market  by  2010. 

Open  source  packages  are  emerging  as 
alternatives  to  VMware  and  Microsoft’s  forth¬ 
coming  virtualization  add-on  for  Windows 
Server  2008.  The  evidence  can  be  seen  in 
such  virtualization  platforms  as  Xen  and  the 

M  Software  is  going  to  matter 
in  the  mobile  space,  and 
developers  need  to  have 
some  consistency  across 
platforms.  We  came  to  the 
conclusion  that  Linux  was 
our  alternative.  55 

Christy  Wyatt 

Vice  president  of  ecosystem  and  market 
development  for  Motorola’s  mobile  business 

Kernel  Based  Virtual  Machine  (KVM),the  first 
virtualization  technology  to  be  part  of  the 
mainline  Linux  kernel  (V2.6.20). 

Vendors  are  taking  those  tools  and  building 
commercial  implementations,  including  No¬ 
vell  and  Red  Hat  with  Xen,  and  XenSource 
offers  commercial  versions  that  support  both 
Linux  and  Windows. 

“Virtualization  is  a  big  one  for  us,” says  Rodd 
Heaton,  computer  system  analyst  for  L-3 
Communications.  The  company  has  in¬ 
creased  its  Linux  server  installations  by  10% 
to  15%  over  the  past  couple  of  years  in  con¬ 
verting  from  Novell’s  NetWare  to  Suse 
Enterprise  Linux.  “Our  test  environment  is 
almost  all  virtual,  and  now  we  are  looking  at 
our  production  environment.” 

Amazon  is  using  Xen  and  Linux  as  part  of  its 
Amazon  Elastic  Compute  Cloud  (EC2),a  Web 
service  that  lets  users  add  and  subtract  com¬ 
puting  resources  in  real  time.  With  EC2,  users 
configure  security  and  network  access;  start, 
terminate  and  monitor  any  number  of  their 


virtual  applications;  and  pay  by  the  hour  and 
bandwidth  consumed. 

“In  the  new  model,  you  pull  resources  into 
the  moment  when  you  need  them,  and  you 
release  them  when  you  no  longer  need 
them,”  said  Werner  Vogels,  CTO  of  Amazon 
Web  services  during  his  opening  keynote 
speech. 

Another  area  where  Linux  has  been  making 
a  splash  is  on  the  edge  with  mobile  devices. 
Motorola  last  week  announced  its  MotoMagx 
Linux-based  platform  and  said  that  60%  of  its 
handset  portfolio  will  be  based  on  the  plat¬ 
form  within  the  next  few  years. The  company 
already  has  9  million  Linux-based  handsets  in 
use,  mostly  in  Asia. 

In  addition,  Motorola  last  year  help  launch 
the  LiMo  Foundation,  which  will  create  a  com¬ 
mon  Linux-based  mobile-device  platform. The 
belief  is  that  a  consistent  platform  will  attract 
developers  who  can  write  applications  once 
and  run  them  on  many  devices.  The  group 
hopes  to  have  its  first  version  out  by  year-end. 
Last  week,  the  foundation  added  Java-based 
developers  Aplix  and  Celunite,  LG  Electronics, 
device  software-optimization  firm  Wind  River, 
and  McAfee  to  its  list  of  core  members:  NTT 
Docomo,  Panasonic  Mobile  Communications, 
Samsung  Electronics  and  Vodafone  Group. 

With  MotoMagx  out  and  the  LiMO  platform 
in  the  works,  Motorola  is  focusing  on  three 
application-development  environments:  Java, a 
Web-browser  user  interface  based  on  the 
Safari  rendering  engine,  and  native  Linux  APIs, 
so  developers  can  build  such  applications  as 
Web  services,  location-based-services,  3-D  mul¬ 
tiplayer  gaming  and  mobile  corporate  data. 

Motorola  also  has  the  open  source  Eclipse 
Tools  for  mobile  Linux  project  it  began  last 
year  at  the  Eclipse  Foundation  to  foster  devel¬ 
opment  on  mobile  Linux  platforms. 

“Software  is  gong  to  matter  in  the  mobile 
space,  and  developers  need  to  have  some 
consistency  across  platforms,”  said  Christy 
Wyatt,  vice  president  of  ecosystem  and  market 
development  for  Motorola’s  mobile  business. 
“We  came  to  the  conclusion  that  Linux  was 
our  alternative.  We  can  scale  it;  we  can  inno¬ 
vate  at  any  level.” 

The  push  to  making  application  develop¬ 
ment  easier  is  a  primary  theme  for  Linux  in 
general.  “The  No.  1  thing  that  we  need  on 
Linux  is  applications,”  said  Ron  Hovsepian, 


Novell’s  CEO,  during  his  day  3  keynote  talk  at 
LinuxWorld.  “If  you  look  at  Windows,  their 
application  availability  is  far  and  away  their 
biggest  advantage,”  he  said.  “ISVs  go  to 
Microsoft  and  they  know  there  is  one  plat¬ 
form.”  He  said  Linux  needs  that,  and  called  on 
the  open  source  vendor  community  to  sup¬ 
port  a  vendor-neutral  effort  to  standardize  ISV 
certifications. 

See  LinuxWorld,  page  56 

How  does  Cisco 
predict  market 
transitions? 

BY  JIM  DUFFY 

In  explaining  its  enviable  success,  Cisco 
likes  to  boast  of  its  ability  to  spot  market  tran¬ 
sitions  three  to  five  years  before  they  occur. 
Ever  wonder  how  it  does  that? 

The  company’s  18-month-old  Emerging 
Technologies  Group  is  charged  with  incu¬ 
bating  potential  opportunities  and  germinat¬ 
ing  them  as  Cisco’s  next  $1  billion  business. 
Four-billion  dollars  of  Cisco’s  $6.3  billion 
R&D  budget  is  the  group’s  asset  base  with 
which  it  funds,  staffs  and  develops  four 
emerging  market  opportunities  per  year. 

Cisco  seeds  these  efforts  using  what  the 
company  calls  an  “internal  venture  frame¬ 
work,"  says  Marthin  De  Beer,  senior  vice 
president  of  the  group. 

“We  see  an  opportunity  and  develop  it 
internally  in  a  start-up  model,”  De  Beer  says. 
“They  are  like  start-ups  but  they  are  not  spin- 
ins”  —  separate  companies  started  up  by 
Cisco  and  then  “acquired”  once  they  reach 
certain  accomplishments  or  performance 
goals.  (There  have  been  exceptions  to  this 
rule,  though,  such  as  Andiamo  Systems,  a 
maker  of  storage  switches;  and  Nuova 
Systems,  a  maker  of  FibreChannel-over- 
Ethernet  products  for  data  centers.  Both 
companies  are  led  by  Mario  Mazzola,  Cisco’s 
former  chief  development  officer  and  the  for¬ 
mer  head  of  LAN-switch  start-up  Crescendo, 

See  Cisco,  page  56 
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The  spectrum  allocation  dance:  What’s  next? 


Two  weeks  ago,  we 
talked  about  the 
debate  over  the 
FCC’s  planned  700Mhz 
spectrum  auction, 
scheduled  for  January. 
You’ll  recall  that 
Google  had  placed  a 
preemptive  bid  of  $4.6 
billion  for  a  chunk  of 
the  spectrum,  provid¬ 
ed  the  feds  adopted 
two  constraints:  open 
access  and  wholesale 
resale.  Carriers  resisted  the  wholesale  resale 
provision,  and  some  also  resisted  open 
access. 

The  story  so  far:  The  FCC  rejected  the 
wholesale-resale  provision,  but  required 
Google’s  open  access  constraint  on  about  a 
third  of  the  spectrum. 

From  a  purely  scientific  standpoint,  that’s 
an  interesting  compromise,  because  it  pro¬ 
vides  the  market  with  a  controlled  experi¬ 
ment.  Offering  virtually  identical  spectrum 
to  the  market  under  identical  economic 
conditions,  but  under  two  different  regula¬ 
tory  models,  provides  factual  data  on  how 
regulations  affect  the  market. 

If  —  as  the  free  marketers  predict,  and  I 
agree  —  open  access  leads  to  greater 
choice  and  a  broader  variety  of  offerings, 


there  will  be  indisputable  evidence.  And  if 
the  contrary  is  true,  we’ll  see  that  as  well. 

Unfortunately,  whichever  approach 
proves  better  will  be  poor  consolation  to 
the  folks  stuck  with  the  other  one  —  and 
because  the  regulations  are  unlikely  to  be 
changed  for  the  foreseeable  future,  the 
knowledge  we’ll  have  gained  regarding 
which  approach  is  better  will  remain  pure¬ 
ly  academic. 

But  the  real  question  at  this  point  is:  What 
happens  next?  One  of  the  more  surreal  mo¬ 
ments  of  the  debate  thus  far  was  the  point 
where  both  Google  and  the  carriers 
(chiefly  Verizon)  threatened  to  take  their 
bidding  dollars  and  go  home.  This  still 
makes  me  chuckle  —  as  if  there  was  any 
chance  that  the  big  telcos  and  tech  firms 
would  miss  out  on  the  biggest  auction  of 
the  decade. Yeah,  right. 

The  most  recent  indication  is  that  Google 
will  bid  anyway,  even  though  it  didn’t  get 
the  terms  it  wanted.  But  you  may  be  won¬ 
dering  why  a  search  engine  company  wants 
wireless  spectrum  in  the  first  place. 

It  all  comes  back  to  ’Net  neutrality  —  but 
not  the  way  you’re  probably  thinking. 
Google’s  position  on  ’Net  neutrality  is  essen¬ 
tially:  Do  as  I  say,  not  as  1  do.  In  other  words, 
Google’s  goal  is  to  make  sure  carriers  will 
not  either  refuse  to  carry  from  Google’s 
applications  (which  has  never  happened, 


and  is  not  likely  to)  or  peg  fees  to  the 
amount  and  type  of  traffic  Google  generates 
(which  carriers  are  hoping  to  do  in  future). 
To  avoid  this,  Google  is  looking  to  become 
its  own  carrier  —  or  more  accurately,  to  sub¬ 
lease  spectrum  and  subcontract  the  actual 
infrastructure  buildout  to  third  parties. 

But  here’s  the  kicker:  Google,  itself,  has  no 
history  of  adhering  to  ’Net-neutrality  poli¬ 
cies  (see  www.nwdocfinder.com/TOTO  for 
details).  So  the  endgame  is  having  Google 
in  total  control  of  the  infrastructure,  without 
officially  being  a  carrier  itself,  and  therefore 
not  subject  to  ’Net-neutrality  regulations. 
Which,  of  course,  positions  Google  perfectly 
to  cut  off  transport  services  to  any  future 
up-and-coming  competitors  —  thereby 
cementing  its  dominance  in  the  search  mar¬ 
ket,  and  securing  its  advertising  revenues. 

Of  course,  Google  would  never  do  that.  It 
would  be  evil. 

Johna  Till  Johnson  is  president  and  senior 
bunding  partner  at  Nemertes  Research,  an 
independent  technology  research  firm.  She  can 
be  reached  at  johna@nemertes.com. 

■  More  on  the  FCC  and  Google.  Get 
columnist  Scott  Bradner’s  take, 
Page  28. 
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The  magic  of  IPv4 


Early  in  my  net¬ 
work  career  I  had 
to  explain  to  my 
boss  why  we  needed 
head-end  routers  in 
the  data  center. 
Coming  from  an 
application  back¬ 
ground,  he  didn’t  un¬ 
derstand  data  con¬ 
nectivity  and  thought 
the  packets  somehow 
went  directly  into  the 
mainframe  through  the  “ether”  net  I  kept 
talking  about. 

Somehow  1  survived  that  career-challeng¬ 
ing  meeting  and  adequately  explained 
basic  network  connectivity  in  a  way  that 
allowed  me  to  keep  my  job  and  purchase 
the  needed  routers. 

Looking  back,  there  were  times  when  it 
seemed  that  there  was  some  magic  to  data 
connectivity.  Our  ability  to  access  files  and 
resources  on  a  computer  in  another  part  of 
the  world  over  telephone  lines  caused 
many  people  to  call  us  network  wizards. 
And  with  a  lexicon  of  magical  terms,  such 
as  DECNet,  TCP/IP  SNA,  NetBEUI,  ASCII  and 
IPX,  we  conjured  up  connectivity  solutions 


that  verged  on  miraculous  (it  was  often  a 
miracle  they  worked  at  all).  However,  after 
22  years  of  “conjuring,”  I  can  safely  say  there 
is  nothing  magical  about  networks  —  with 
the  possible  exception  of  IPv4. 

By  all  reports,  IPv4  should  be  dead.  Its  lim¬ 
ited  address  space,  antiquated  security  and 
lack  of  native  authentication  mechanisms 
have  generated  multitudes  of  obituaries  by 
industry  pundits  who  proclaimed  the  new 
era  of  IPv6.  According  to  the  Merlins  of 
Internet  connectivity,  IPv6  was  required  for 
the  widespread  adoption  of  VoIP  B2B 
extranets  and  secure  Internet  connectivity. 

After  years  of  defending  IPv4,  I  finally 
caved  in  to  the  overwhelming  evidence  pro¬ 
vided  by  industry  analysts,  Internet  experts 
and  my  own  engineering  staff.  With  arms 
wide  open,  I  stood  ready  to  embrace  the 
future  and  begin  migrating  my  networks  to 
IPv6. 

Now  two  years  later,  my  arms  have  grown 
tired  of  waiting  for  something  to  embrace, 
my  engineering  staff  has  moved  on  to  other 
jobs,  and  my  network  is  supporting  VoIP 
IPSec,  SSL,  extranets,  intranets  secure 
remote  access  and  everything  else  with 
antiquated  IPv4. 

My  IPv4  network-addressable  devices  are 


increasing  daily,  stricter  security  require¬ 
ments  are  being  mandated  monthly,  busi¬ 
ness-critical  voice  and  data  applications  are 
being  deployed  weekly.  I’m  communicating 
with  external  devices  that  use  the  same 
10.0.0.0  address  space  that  my  networks 
use,  and  my  NAT  appliances  are  not  the  traf¬ 
fic  bottlenecks  they  were  forecast  to  be. 
How  can  that  be? 

Some  will  say  this  is  because  of  such  tech¬ 
nology  advances  as  ASICs,  faster  back¬ 
planes,  dedicated  routing  engines  and  more 
efficient  software  that  enables  IPv4  to  over¬ 
come  its  inherent  limitations  and  provide 
business-critical  network  connectivity.  They 
will  also  say  that  these  are  interim  measures 
and  we  still  need  to  be  preparing  for  an 
eventual  migration  to  IPv6. 

That  may  be,  but  maybe  my  old  boss  was 
right.  Maybe  ARPA  knew  more  than  we  real¬ 
ized.  Maybe  the  Department  of  Defense  did 
indeed  have  alien  assistance.  Maybe  there’s 
more  to  IP  subnets  than  bit-level  masking. 
Maybe  there’s  more  magic  in  IPv4  than  we 
realize  . . .  (cue  X-Files  theme  song). 

Yoke  is  a  business  solutions  engineer  br  a 
corporate  network  in  Denver.  He  can  be 
reached  at  ckyoke@yahoo.com. 
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Leaves  Others  Far  Behind 


THRUST  SSC  (SUPER  SONIC  CAR)  SETTING  THE  LAND  SPEED  RECORD  ON  OCTOBER  15,  1997  IN  THE  BLACK  ROCK  DESERT,  NEVADA. 


Introducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  BigIron  IOC  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design,  the 
BigIron  IOC  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

Find  out  more  about  the  BigIron  RX  Series  and  how 

YOU  CAN  REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 

network.  Log  on  to  www.foundrynet.com/BigIronRX. 
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Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches, 
Layer  3  Backbone  switches.  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers.  Foundry’s  8,500  customers  include  the  world’s  premier  ISPs,  metro  service 
providers,  and  enterprises  including  e-commerce  sites,  universities,  entertainment,  health  and  wellness,  government,  financial,  and  manufacturing  companies. 

©  2005  Foundry  Networks*,  the  Foundry  logo,  The  Power  of  Performance”*,  Foundry”*,  and  BigIron*  RX  Series  are  trademarks  of  2005  Foundry  Networks,  Inc. 
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TECH  UPDATE 

M  An  inside  look  at  technologies  and  standards 


The  state  of  connection  brokering 


BY  AMIR  HUSAIN 

Centralized  computing  is  becoming  increasingly  accepted  as  an  effi¬ 
cient  and  cost-effective  way  of  deploying  desktops  in  the  enterprise, 
shining  a  light  on  the  key  technologies  that  make  it  all  possible. 
Virtualization,  for  example, allows  more  than  one  user  to  run  a  desktop  ses¬ 
sion  on  a  centralized  server.  Another  less  discussed  but  perhaps  more 
important  component  is  connection  brokering. 


One  major  side  effect  of  centralizing  desktop 
resources  is  the  disembodiment  of  the  PC: The 
single  unit  sitting  on  the  desktop  is  replaced  by 
a  small,  often  solid-state  device  at  the  desk  that 
connects  back  to  some  sort  of  computer  — 
whether  a  blade,  a  1U  server  or  a  virtual 
machine  —  housed  in  the  data  center.  What 
was  one  became  at  least  two,  but  usually  even 
a  greater  number  of  components. 

Connection  brokering  traces  its  origins  to 
allowing  IT  administrators  to  simplify  the 
management  of  this  centralized,  “disembod¬ 
ied”  PC.  Clearly  policies  had  to  be  set  deter¬ 
mining  which  client  device  would  connect  to 
what  server  resource.  This  relationship  man¬ 
agement  is  primarily  what  the  early  connec¬ 
tion  brokers  did. 

The  first  generally  available  connection  bro¬ 
ker  was  released  in  2003.The  software  allowed 
administrators  to  easily  create  mappings  be¬ 
tween  edge  devices  and  back-end  host  hard¬ 
ware.  When  users  logged  on  to  their  client 
devices,  they  would  find  themselves  magically 
attached  to  the  right  data  center  resource. 

The  designers  of  this  early-stage  brokering 
software  found  the  new  disembodied  para¬ 
digm  created  some  exciting  opportunities. 
Because  the  connection  to  the  CPU  and 
storage  occurred  via  IRin  the  event  of  a  fail¬ 
ure,  the  broker  could  play  the  part  of  a 
failover  manager,  sending  the  user  to  a 
properly  functioning  resource  rather  than 
the  initially  allocated  but  now  malfunction¬ 
ing  server  or  blade. 

The  architecture,  in  fact,  is  the  equivalent  of 
having  a  massive  virtual  KVM  switch  at  your 
disposal,  making  it  possible  to  switch  from  one 
session  to  another.  This  allows  developers, 
quality-assurance  engineers,  financial-services 
traders  and  other  power  users  to  gain  access 
instantly  to  almost  unlimited  compute  power, 
all  from  a  single,  small  desktop  device. 

As  the  notion  of  centralized  PCs  began  to 
heat  up,  a  healthy  ecosystem  of  companies 
developing  software  for  the  market  came 
about.  In  the  interim,  virtualization  matured 
substantially  and  was  rapidly  entering  the 
desktop  arena,  having  proven  itself  in  the 
server  virtualization  and  quality-assurance 
facilitation  segments. 


Because  virtual  machines  increasingly  were 
being  used  as  desktops  running  on  data¬ 
center  hardware,  the  need  became  para¬ 
mount  for  software  that  could  keep  track  of 
the  myriad  possible  connections  between  vir¬ 
tual  machines  and  thin  clients.  Thus,  connec¬ 
tion  brokers  became  linked  inextricably  to 


the  success  of  virtual  machines  as  virtual 
desktops.  To  address  the  need,  Citrix 
Systems,  the  longtime  developer  of  thin- 
client  and  remote  access  software,  an¬ 
nounced  its  Virtual  Desktop  Infrastructure 
initiative  as  a  solution  that  would  integrate 
its  thin  client  software  with  virtualization 
and  connection  brokering. 

And  VMware,  the  virtualization  behemoth, 
announced  it  was  acquiring  a  connection 
broker  vendor. 

The  current  state  of  the  art  in  connection¬ 
brokering  technology  eases  the  integration 
of  virtualization  technologies  for  desktop. 
As  the  centralized  model  is  assimilated, 
additional  areas  where  connection  brokers 
can  add  value  become  increasingly  obvi¬ 


ous.  The  technology,  for  example,  makes  it 
possible  for  remote  troubleshooters  to  take 
over  a  user  session  or  simply  mirror  it  to 
help  users  resolve  problems. 

If  centralized  computing  becomes  the 
dominant  paradigm  for  PCs  in  the  coming 
years,  as  some  predict,  connection  brokers 
are  positioned  to  become  the  new  re¬ 
source  managers:  higher-level  operating 
systems  that  take  on  responsibilities  for 
which  traditional  PC  operating  systems 
were  not  designed. 

Future  connection  brokers  will  factor  in 
network  conditions  and  geography  to  deter¬ 
mine  how  connections  will  be  made.  Some 
of  them  already  intelligently  allocate  least- 
loaded  resources  to  users,  thus  managing  all 
centralized  PCs  as  a  “single”  resource.  These 


Mobile  devices,  for  example,  will  be  sup¬ 
ported  by  future  connection  brokers  as  sim¬ 
ply  another  form  of  client,  which  maps 
neatly  to  visions  where  storage  and  com¬ 
pute  power  exists  in  unlimited  quantities  in 
the  cloud,  supporting  any  duly  authenti¬ 
cated  access  device. 

Connection  brokers  then,  are  poised  to  be 
the  gatekeepers  and  decision  makers  in  this 
environment,  operating  seamlessly  in  the 
background,  always  connecting  the  right  user 
to  the  right  resource  at  the  right  time. 

Amir  Husain  is  CTO  of  ClearCube  Technology. 
He  may  be  reached  at  amir.husain@clear 
cube.com. 


Connection  brokers  as  resource  managers 

If  centralized  computing  becomes  the  dominant  paradigm  for  PCs,  connection 
brokers  will  become  the  gatekeepers  responsible  for  connecting  the  right 
user  to  the  right  resource  at  the  right  time. 
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capabilities  will  become  more  advanced. 
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NOT  ALL  CRYSTAL  BALLS 

ARE  ROUND. 


What  if  you  knew  when  your  system  was  going  to  crash  and  had  the 
know-how  to  help  prevent  it?  Well,  by  no  feat  of  magic,  that  technology 
is  here.  And  it’s  found  on  IBM  System  x3655  Express  with  Predictive 
Failure  Analysis?2  By  monitoring  the  system,  your  servers  can  remain 
highly  reliable  and  run  at  optimal  performance.  If  the  system  starts 
working  otherwise,  Predictive  Failure  Analysis  can  alert  your  systems 
administrator  -  giving  them  up  to  2  days  of  lead  time  to  take  decisive 
action  and  help  prevent  problems?  IBM  System  x3655  Express.  From 
the  people  and  Business  Partners  of  IBM.  Innovation  made  easy. 

MISSION-CRITICAL  AVAILABILITY  AND  PERFORMANCE 
IN  AN  AFFORDABLE  PACKAGE 


Up  to  two  AMD  Dual-Core  Opteron™  2218  (2.6GHz)  processors  featuring  PowerNowl™ 
power-saving  technology 

2GB  DDR  II  667MHz  memory  standard,  up  to  64GB  DDR  II  667MHz  memory  via  16 
DIMM  slots 

IBM  Director  and  Predictive  Failure  Analysis  monitor  and  help  identify  problems  on 
processors,  memory,  hard  disk  drives,  voltage  regulator  modules,  and  power  supplies 
Up  to  1.8TB  hot-swap  SAS  or  3.0TB  hot-swap  SATA 
Limited  warranty:  3  years  on-site3 


IBM  SYSTEM  x3105  EXPRESS 

AMD  Opteron™  or  AMD  Athlon™  processor  featuring  AMD  Direct  Connect  Arch itecture 
Up  to  8GB  DDR  II  667MHz  maximum  memory  using  4  DIMM  slots _ 

80GB  or  160GB  internal  storage  standard _ 

1.0TB  SATA  internal  storage  maximum _ 

Limited  warranty:  1  year  on-site3 


FROM  $529 

OR  S14/MONTH 
FOR  36  MONTHS1 
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COMPLIMENTARY  SYSTEMS 
ADVISOR  TOOL 

Want  to  find  the  right  server  or  storage  system  for  you?  Our 
Systems  Advisor  tool  can  help.  Just  give  the  tool  a  little  input, 
and  it  will  identify  products  that  can  help  meet  your  business 
needs.  Get  started  now  at  ibm.com/systems/crystalball 


express 
:J=r^  advantage 
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lbm.com/systems/crystalball 
1  866-872-3902  (mention  6N7AH32A) 
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'All  prices  are  I8M'$  estimated  retail  selling  prices  as  ol  June  14, 2007.  Prices  may  vary  according  to  contiguralion.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was 
developed  tor  offerings  in  ttie  United  States.  IBM  may  not  offer  the  products,  features  or  services  discussed  in  this  document  in  other  countries.  Prices  are  subject  to  change  without  notice,  Starting  price  may  not  include  a  hard  drive,  operating 
system  or  other  features  Contact  your  IBM  representative  or  IBM  Business  Partner  tor  the  most  current  pricing  in  your  geography.  1.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM 
subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  your  credit  and  other  factors.  Lease  otter  provided  .s  based  on  a  FMV 
lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  2.  Predictive  Failure  Analysis  monitors  select  components  such  as  processors,  memory,  hard  orsK 
drives,  voltage  regulator  modules  and  power  supplies.  Covered  components  can  vary  by  model.  3.  IBM  hardware  products  are  manufactured  from  new  parts,  or  new  and  serviceable  used  parts  Regardless,  our  warranty  terms  apply.  For copy  of 
applicable  product  warranties,  visit:  ibm.com/servers/support/macbine.warranties  or  write  to:  Warranty  Information,  PO.  8ox  12195,  RTP,  NC  27709,  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products 
or  services,  including  those  designated  as  ServerProven  or  ClusterProven.  Telephone  support  may  be  subject  to  additional  charges.  For  on  -site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician. 
On-site  warranty  is  available  only  tor  selected  components.  Optional  same-day  service  response  is  available  on  (select]  systems  at  an  additional  charge  JBM,  the  IBM  logo,  IBM  Express  Advantage,  System  x.  and  Predictive  Failure  Analysis  are 
registered  trademarks  or  trademarks  ot  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  For  a  complete  list  of  IBM  trademarks,  see  ibm.com/iegal/copytrade.shtml.  AMD,  the  AMO  logo,  AMD  Opteron  and 
AMD  PoweiNowi  are  trademarks  ol  Advanced  Micro  Devices,  Inc,  All  other  products  may  be  trademarks  or  registered  trademarks  ot  their  respective  companies.  ©2007  IBM  Corporation.  All  rights  reserved. 


Follow-ups  and  Linux  Mint 


We’ll  start  with  a  follow-up  to  last  week’s 
Gearhead  (www.nwdocfinder.com/9931) 
on  2-D  bar-coding.  Going  by  what  was  on 
the  Nextcode  Connexto  Web  site  (www.nwdoc 
finder.com/9932),  it  looked  like  Firefox  and  OS  X 
weren’t  supported.  Amir  Rosenberg,  the  compa¬ 
ny’s  CEO,  dropped  me  a  note:  It  turns  out  that 
there  have  been  updates,  and  now  Firefox  and 
OS  X  are  supported  using  a  flash  component 
instead  of  the  original  ActiveX  component. 

On  another  Gearhead  topic  —  identifying  CDs  (www.nwdoc 
finder.com/9933)  —  reader  Matthew  Leeds  pointed  out  something  I  was 
unaware  of:“Gracenote  has  over  1 1,000  CDs  in  its  database  with  the  pri¬ 
mary  genre  of  DATA. You  might  also  want  to  take  a  look  through  this  list 
(www.nwdocfinder.com/9934),  as  some  of  the  applications  may  meet 
your  requirements  for  a  cataloged 

The  only  application  that  seems  to  meet  my  requirements  to  catalog 
data  disks  is  AVCataloger  (www.nwdocfinder.com/9935),  which  is 
designed  not  only  for  cataloging  music  and  data  CDs  but  also  video¬ 
tapes  and  books.  The  program  also  accesses  your  scanner  so  you  can 
capture  additional  data,  such  as  your  original  receipt.  Priced  at  $59.95, 
AVCataloger  looks  promising. 

Leeds  wrote  a  second  time  regarding  the  next  week’s  Gearhead  on 
virtual  CD  drives  to  suggest  that  Original  CD  Emulator 
(www.nwdocfinder.com/9936)  and  Noteburner  (www.nwdocfinder 
.com/9937)  might  be  good,  legal,  DRM-removal  tools,  albeit  they  aren’t 
free  (both  cost  $34.95). 

In  Gibbsblog  a  few  weeks  ago,  an  Irregular  Voice  named  Miles  Baska 
wrote  about  the  wonders  of  the  Ubuntu  Linux  distro  (www.nwdocfind 
er.com/9938).  Reader  John  Jasper  (from  Boston)  wrote  to  sing  the 


praises  of  Linux  Mint:11. . .  after  installing  it  on  my  laptop,  it  has  been  the 
absolutely  best  Linux  1  have  ever  used.  I  have  been  through  countless 
Linux  installations  over  the  many  years  —  starting  with  Red  Hat  5.0. 
[With  Linux  Mint,  every]  piece  of  hardware  and  software  has  worked 
on  the  first  try  —  no  ‘missing  dependencies,’  etc.  Using  Mint  actually 
makes  me  feel  lazy  —  like  ...  I  really  didn’t  have  to  work  to  get  this  run- 
ning.This  is  the  only  Linux  I  feel  is  ready  for  the  desktop, and  with  over 
250  desktops  in  my  company,  I  am  really  starting  to  think  this  would 
be  a  real  possibility’ 

Linux  Mint,  now  up  to  Version  3.0  (www.nwdocfinder.com/9939)  — 
the  Cassandra  release  —  comes  in  two  editions.  The  standard  edition, 
which  is  compatible  with  the  Ubuntu  Feisty  Fawn  release  and  its  reposi¬ 
tories,  uses  the  Linux  Kernel  2.6.20  with  Gnome  2.18  and  comes  with  the 
complete  version  of  OpenOffice  2.2,  along  with  all  of  the  usual  suspects 
(Firefox,Thunderbird,Sunbird,Gimp  and  so  on). 

The  Cassandra  Light  Edition  (www.nwdocfinder.com/9946)  is  a 
slimmed-down  version  of  Linux  Mint  that  doesn’t  contain  any  propri¬ 
etary  software  and  excludes  patented  technologies.  So,  for  example, 
Macromedia  Flash  and  Windows  codecs  are  missing,  and  Sun  Java  is 
replaced  by  the  GNU  Interpreter  for  Java,  which  is  part  of  the  GNU 
Compiler  for  Java  (www.nwdocfinder.com/9940). 

There  are  also  two  beta  versions  available:  The  Cassandra  XFCE 
Community  Edition  Beta  003  replaces  the  standard  edition’s  Gnome 
desktop  manager  (www.nwdocfinder.com/9942)  with,  you  guessed  it, 
the  XFCE  desktop  manager  (www.nwdocfinder.com/9943),  while  the 
Cassandra  KDE  Community  Edition  Beta  013  (www. 
nwdocfinder.com/9944)  substitutes  the  KDE  desktop  manager 
(www.nwdocfinder/9945) . 

So  many  choices ,  so  little  time.  Tell  me  about  it  at  gearhead@gibbs.com. 


GEARHEAD 

Mark  Gibbs 


USB  drives  get  serious  about  security 

T 


COOL 


i  he  scoop:  Cruzer  Professional 
(lGB)and  Cruzer  Enterprise 
(1GB)  USB  2.0  flash  drives, 
by  SanDisk,  about  $60  and  $70, 
respectively 

What  they  are:  The  USB  flash 

_  drive  has  been  around  for  a  long 

time,  but  enterprises  often  have 
been  wary  of  giving  them  to  users  because  of  lack¬ 
luster  security  features.  If  a  user  puts  mission- 
critical  data  on  the  drive  and  it  gets  lost,  that’s  a 
huge  security  breach  that  many  companies  don’t 
want  to  deal  with.  SanDisk  aims  to  alleviate  this 
problem  with  its  latest  Cruzer  Professional  and 
Enterprise  USB  flash  drives,  which  include  capacities  from  1GB  to 
4GB.The  devices  include  hardware-based  256-bit  AES  security  to  guar¬ 
antee  that  data  stored  on  them  can’t  be  accessed  without  a  password. 
Both  versions  provide  24Mbps  read  speeds  and  20Mbps  write  speeds, 
and  are  compatible  with  USB  2.0  ports  and  earlier  versions. 

Why  they’re  cool:  The  Professional  version,  aimed  more  at  small-to- 
midsize  businesses  or  individual  users,  has  software  that  lets  users  cre¬ 
ate  a  public  and  private  partition,  with  the  amount  of  space  dedicated 
to  each  partition  being  optional.  The  private  partition  then  can  be 
accessed  only  with  a  correct  password. This  gives  users  some  flexibility 
in  sharing  noncritical  files  and  folders  without  having  to  go  through  the 
extra  step  of  a  password. 

The  Enterprise  version,  however,  has  mandatory  password  protec¬ 
tion  for  all  files  stored  on  it,  with  no  way  to  bypass  this  requirement. 
In  fact,  strong  passwords  are  required  —  I  was  told  that  my  first 
password  attempt  was  lame  (my  words,  not  theirs)  —  the  password 


One  of 
these  USB 
drives  is  more  secure 
than  the  other. 


had  to  have  between  six  and  16  letters 
and  include  at  least  one  of  three  cate¬ 
gories  (uppercase  letter,  lowercase 
letter,  number  or  special  characters). 
The  software  also  includes  a  lock- 
down  mode  that  shuts  off  access  when  a  set 
number  of  incorrect  password  attempts 
are  made.  The  Enterprise  version  also 
can  be  integrated  with  the  company’s 
Central  Management  and  Control  soft¬ 
ware,  which  lets  IT  departments  cen¬ 


trally  manage  company-issued  Cruzer 
Enterprise  devices. 

Some  caveats:  The  Professional  ver¬ 
sion  has  a  feature  called  “trust  this  com¬ 
puter,”  which  lets  users  bypass  typing  in  a  password  to  the  private  par¬ 
tition  if  they  are  connecting  the  drive  to  a  trusted  computer  (such  as 
at  work  or  at  home). This  may  be  a  nice  convenience,  but  it  opens  up 
a  small  security  hole. 

Also,  let’s  be  clear  here  —  a  password  alone  may  not  be  entirely 
secure  —  users  who  aren’t  good  at  remembering  passwords  might  just 
write  it  down  on  a  piece  of  paper  and  tape  it  onto  the  drive. 

Bottom  line:  Any  company  (regardless  of  size)  concerned  with  pro¬ 
tecting  data  stored  on  USB  drives  should  pay  the  extra  money  for  the 
Enterprise  version  to  get  the  mandatory  password  features  and  not 
have  the  trust-this-computer  loophole  on  the  Professional  version. 

Grades:  Professional,  ★★★★;  Enterprise,  ★★★★★ 

Want  to  ask  Keith  a  personal  technology  or  gadget-related  question? 
Chat  live  with  him  this  Friday,  Aug.  17,  at  2  p.m.  EOT.  Go  to  www.net 
workworld.com/chat  for  more  details.  Join  the  discussion! 
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Don’t  fall  for  conventional, 
cell-based  wireless  LAN 
systems  with  performance- 
related  problems  -  spec  the 
Belden  Wireless  Solution. 


Only  the  Belden  Wireless  LAN  offers 
Interference-free  performance,  with  no 
co-channel  interference,  no  roaming  latency 
problems  and  no  contention  between 
user  types,  devices  and  traffic.  It’s  also 
designed  to  be  a  plug-and-play  system: 
right  out  of  the  box  it’s  easy  to  plan, 
configure  and  manage...  without  the  need 
for  expensive  RF  site  surveys! 


What  else  makes  this  a  best-in-class  system? 
It’s  a  complete  Layer-2  edge  solution  -  so 
there’s  no  intrusion  on  the  core  network  - 
plus  it  consists  of  a  smart  Switch  and  “thin” 
radio  Access  Points,  so  no  RF  cell  planning 
is  needed  to  juggle  AP  performance.  To  gain 
capacity  -  and  a  guaranteed,  predictable 
data  rate  -  any  number  of  radio  APs  may 
be  utilized.  You’ll  also  gain  by  using  all  three 
channels  on  the  system’s  four  “Channel 
Blankets”  and  by  being  able  to  re-use  the 
channel  frequencies  (Spectrum  Re-Use). 


And  that’s  only  the  beginning.  Download  our 
webcast  on  “Top  8  Wireless  LAN  Problems 
and  How  to  Solve  Them”  at: 

www.belden.com/Wireless.cfm 


Be  sure  to  look  to  the  leader  in  signal 
transmission  for  the  best  WLAN  solutions. 


Call  Belden  at  1.800. BELDEN.1 
Or,  visit  us  online  at 

www.belden.com 


BELDEN 

SENDING  ALL  THE  RIGHT  SIGNALS 


©2007,  Belden  Inc. 
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Phishing  for  the  good  guys 

Researcher  executes  online  attacks  aimed  at  improving  security 


BY  JON  BRODKIN 

If  he  weren’t  so  ethical,  Markus  Jakobsson 
could  be  a  world-class  online  fraudster.  In  a 
way,  he  already  is. 

Jakobsson,  a  cybersecurity  researcher  and 
professor  at  Indiana  University  in  Bloom¬ 
ington,  spends  much  of  his  time  perpetrat¬ 
ing  online  attacks  on  unsuspecting  Web 
surfers  —  without  actually  harming  them,  of 
course  —  to  see  what  types  of  ruses  people 
will  fall  for  and  to  predict  potential  new 
techniques  phishers  might  pursue. 

The  university  that  gave  the  world  the 
famous  sex  researcher  Alfred  Kinsey  is 
more  than  willing  to  tolerate  experiments 
that  might  improve  computer  security  even 
if  it  annoys  a  few  unwitting  participants. 

“They  think  everything  that  is  not  immoral  or 
illegal  is  fine,”  Jakobsson  joked  last  Wednesday 
at  the  Usenix  Security  Symposium  in  Boston, 
while  delivering  a  talk  on  the  human  factor  in 
such  online  frauds  as  phishing,  click  fraud  and 
crimeware.  Victims  of  online  attacks  often  give 
up  personal  information,  such  as  bank  ac¬ 
count  details,  or  have  their  computers  con¬ 
trolled  remotely  by  hackers. 

Jakobsson’s  research  subjects  can’t  know 
they’re  being  experimented  on,  or  the 
results  would  be  meaningless.  The  typical 
procedure  is  to  tell  them  about  the  research 
after  they’ve  unknowingly  participated, 
which  Jakobsson  admits  has  led  to  some 
angry  responses. 

In  one  experiment,  Jakobsson  and  his  stu¬ 
dents  sent  e-mails  to  about  20  people 
directing  them  to  a  site  authenticated  only 
by  a  self-signed  certificate  —  an  identity 
certificate  signed  by  its  creator.  Many 
accepted  the  certificate  even  though  any¬ 
one  knowledgeable  about  computer  securi¬ 
ty  should  not  have. 

“We  were  on  four  continents  within  a  day 
with  a  starting  point  of  20  of  these  mes¬ 
sages,”  Jakobsson  said.  “We  could  have  put 
malware  on  computers.” 

In  another  study,  Jakobsson  found  that 
although  people  often  won’t  click  on  a  sus¬ 
picious  link  within  an  e-mail,  they  will  go  to 
the  site  if  they  are  instructed  to  copy  and 
paste  the  same  URL  into  their  browsers. The 
lesson  Jakobsson  took  from  the  study  — 
which  involved  an  e-mail  asking  users  to 
update  their  eBay  accounts  —  is  that  public 
education  efforts  about  the  danger  of 
online  attacks  are  insufficient.  People  know 
they’re  not  supposed  to  click  on  suspicious 
links,  but  they  haven’t  been  told  not  to  copy 
and  paste  the  same  links  into  an  address 
bar.  A  slight  change  in  approach  causes  vic¬ 
tims  to  let  their  guard  down  and  pays  divi¬ 
dends  for  the  bad  guys. 


Jakobsson  also  found  a  problem  related 
to  the  credit-card  company  practice  of 
identifying  users  by  the  last  four  digits  of 
their  account  numbers,  which  are  random. 
His  research  shows  people  are  willing  to 
respond  to  fraudulent  e-mails  if  the  attacker 


correctly  identifies  the  first  four  digits  of 
their  account  numbers,  even  though  the 
first  four  are  not  random  but  based  on  the 
organization  that  issued  the  card.  “People 
think  [the  phrase]  ‘starting  with’  is  just  as 
good  as  ‘ending  with,’  which  of  course  is 
remarkable  insight,”  he  said. 

Another  experiment  targeted  Indiana 
University  professors,  prompting  them  to 
use  their  university-issued  passwords  to  get 
onto  a  site  that  appeared  to  be  hosted  out¬ 
side  of  the  school.  Most  were  duped. 

“We  sent  them  to  a  page  that  said  ‘service 
temporarily  unavailable,  please  try  again 
later.’ That  would  stimulate  people’s  interest 
and  many  people  returned,”  he  said. “It  was 
nice  to  see  that  computer  scientists  never 
fell  for  the  experimental  attack  when  it  was 
sent  by  a  stranger. ...  It  was  a  wake-up  call 
that  the  people  in  the  School  of  Education 
did  not  distinguish  whether  it  was  from  a 
friend  or  someone  unknown  to  them.” 

One  finding  could  have  been  predicted  by 
anyone:  Men  are  more  likely  to  click  on  a  link 
sent  to  them  by  a  female  than  on  one  sent  by 
a  male. The  study  also  dug  up  some  more  sur¬ 
prising  facts  by  targeting  e-mail  addresses  from 
a  social  networking  site  that  listed  political 
affiliations.“It  was  delightful  for  me  to  see  that 
people  on  the  far  left  and  far  right  were  much 
more  vulnerable  than  people  in  the  middle, 
which  confirms  to  me  that  they’re  crazier  than 
the  rest  of  us,”  Jakobsson  said. 

In  another  study,  Jakobsson  and  his  wife 
exposed  weaknesses  in  eBay’s  system  that 
allows  communication  between  buyers  and 
sellers.  A  recipient  of  an  e-mail  sees  a  yel¬ 
low  button  that  says  “respond  now,”  but  the 
button  carries  no  information  about  the 
intended  recipient.  Jakobsson  pasted  the 
button  onto  a  spoofed  e-mail  to  a  victim, 
making  it  appear  to  be  a  legitimate  e-mail 


from  an  eBay  user.  Instead,  the  victim  —  or, 
in  this  case,  research  subject  —  is  taken  to  a 
site  with  a  URL  that’s  similar  to  eBay’s  but 
that  is  run  by  Jakobsson. 

The  researchers  spoke  with  eBay  after  per¬ 
forming  their  experiment. 


“Just  a  few  months  after  we  performed 
this  experiment  and  told  them  the  results, 
this  attack  started  to  happen  in  the  wild, 
pretty  big-scale,  too,”  he  said. “We  were  terri¬ 
fied  that  we  caused  it  to  happen.” 

It  turned  out  the  same  type  of  attack  had 
been  occurring  already,  but  on  a  smaller 
scale,  so  Jakobsson  was  off  the  hook.  He 
said  eBay  officials  reacted  positively  to  his 
research  because  it  gives  them  information 
that  can  help  improve  security.  For  reasons 
related  to  public  relations,  eBay  doesn’t 
experiment  on  its  own  customers,  he  said. 

There  are  several  good  reasons  to  perform 
such  experiments,  Jakobsson  argues.  They 
improve  phishing  countermeasures  by  dis¬ 
covering  what  works  and  what  doesn’t. 
Jakobsson  said  one  experiment  showed  400 
subjects  one  of  two  AT&T  links:  one  with  the 
company  name  in  the  URL  or  one  with  the 
phrase  “accountonline.com.” 

The  accountonline.com  link  was  the  real 
one  used  by  AT&T  —  yet  users  deemed  it  less 
trustworthy  than  the  one  with  AT&T’s  name  in 
the  URL.  Phishers  seem  to  know  this  already,  as 
they  tend  to  register  domain  names  that  resem¬ 
ble  the  name  of  the  site  they  want  people  to 
think  they  are  logging  on  to. 

“Custom  name  attacks  are  remarkably 
successful,”  Jakobsson  said. 

Experiments  can  help  researchers  predict 
trends  by  discovering  what  human  vulnera¬ 
bilities  haven’t  been  exploited  yet,  Ja¬ 
kobsson  said. 

Although  some  argue  users  can’t  be 
taught  to  avoid  online  attacks,  Jakobsson 
thinks  his  research  can  lead  to  better  edu¬ 
cation  methods.  Some  common  advice  is  so 
vague  that  it’s  pretty  much  useless,  he  said, 
leaving  lots  of  room  for  improvement. 

“The  technical  component  is  important, 
but  it’s  not  all,”  Jakobsson  said.B 


*  7?  I  wWe  were  on  four  continents  within  a  day  with  a 
|  ||  starting  point  of  20  of  these  messages.  We  could 

have  Put  malware  on  computers.55 

Markus  Jakobsson 

Cybersecurity  researcher  and  professor,  Indiana  University, 
describing  experiments  he  and  his  students  conducted. 
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DNSreport 

See  if  there  are  problems  with  your  DNS  hosting 


(Enter  zone  name,  such  as  "example.com 


DNSreport 


56  CRITICAL  DNS  TESTS 

RUN  IN  LESS  THAN  8  SECONDS. 


YOUR  DESTINATION  FOR  DNS  AND  NETWORKING  TOOLS 


MCVINCOOL. 

THE  #1  SPOT  COOLING  SOLUTION 

MULTIPLE  UNITS  FOR 
MULTIPLE  SOLUTIONS 

A  versatile  line  of  powerful,  portable  and  permanent  units 
Capable  of  cooling  small  or  large  spaces  efficiently 

Compact  and  self-contained  with  no  refrigeration 
piping  required 

Select  from  7,000  -  60,000  Btu/h  of  performance 


verified  cooling 


Visit  movincool.com 
or  call  800-264-9573 

to  find  the  right  solution  for  you. 

'"J2007  DENSO  Sales  California,  Inc.  MovinCool  is  a  registered  trademark  of  DENSO  Corporation. 
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FCC  ignores  the  lesson 
of  Wi-Fi’s  history 

As  just  about  everybody  predicted,  the  U.S. 
Federal  Communications  Commission 
recently  decided  that  only  giant  telephone 
companies  are  smart  enough  to  manage  wire¬ 
less  spectrum. The  FCC  included  a  minuscule 
favor  that  it  claimed  might  help  the  rest  of  us, 
but  whether  it  actually  will  is  far  from  clear. 

In  making  its  decision,  the  FCC  ignored  the 
basic  lesson  that  it  should  have  learned  from 
Wi-Fi  and  rejected  the  most  important  part  of 
a  forward-looking  proposal  from  Google. 

In  2005,  Congress  passed  the  Digital  Tele¬ 
vision  Transition  and  Public  Safety  Act,  which  mandated  that  all  analog 
TV  broadcasting  be  discontinued  on  Feb.  17, 2009,  and  that  the  freed- 
up  spectrum  be  split  among  public  safety  and  other  communications 
uses. The  act  requires  that  the  FCC  run  an  auction  of  the  commercial 
part  of  the  spectrum  by  Jan.  28, 2008.  On  July  31  the  FCC  announced  a 
revised  set  of  rules  for  that  auction. 

The  FCC  has  decided  on  a  public-private  partnership  to  run  the  pub¬ 
lic  safety  part  of  the  spectrum. The  other  option  was  a  government-run, 
national  public  safety  network.  I’m  not  sure  the  path  the  FCC  wants  to 
take  will  change  the  overall  result.  Considering  the  unblemished  his¬ 
tory  of  such  projects,  I  fully  expect  any  useful  network  will  be  decades 
off  —  if  it  ever  shows  up  —  and  will  produce  vast  windfalls  for  a  few 
selected  vendors  at  the  taxpayers  expense. 

The  FCC’s  decision  about  the  public  safety  network  was  quite  pre¬ 
dictable  and,  sadly  so  were  its  decisions  about  the  rest  of  the  spectrum. 

Anyone  who  has  been  paying  attention  at  all  knows  that  the  most 
dynamic  explosion  in  the  uses  of  wireless  has  come  in  the  unlicensed, 
small  chunks  of  spectrum  where  such  technologies  as  Wi-Fi  prosper.lt 
would  seem  obvious  that  if  the  FCC’s  goal  in  deciding  what  to  do  with 
the  to-be-released  spectrum  was  —  as  the  FCC  press  release  states  — 
“serving  the  public  interest  and  the  American  people,”  at  least  part  of 
the  spectrum  would  have  been  added  to  these  unlicensed  bands. 
Communications  companies,  however,  do  not  spend  billions  of  dollars 
(the  FCC’s  minimum  bid  for  a  part  of  the  spectrum  is  $4.6  billion)  to 
open  up  spectrum  for  everyone  to  use,  for  free.  FCC  Chairman  Kevin 
Martin  noted  in  his  statement  accompanying  the  news  release  that  the 
FCC  had  to  produce  “a  fair  return  on  this  asset  for  the  American  peo¬ 
ple.”  In  focusing  on  the  auction  return,  the  FCC  ignores  the  proven 
value  —  far  more  than  $4.6B  —  that  more  unlicensed  spectrum  would 
have  returned  to  the  U.S.  economy 
Google  suggested  a  middle  ground  to  the  FCC,  arguing  that  a  chunk 
of  the  spectrum  should  be  sold  to  companies  that  would  provide 
open-access,  wholesale  service  to  customers.  Google  also  recommend¬ 
ed  that  the  same  chunk  of  spectrum  support  open  applications, 
devices  and  services. 

The  FCC  decided  to  support  —  mostly  —  the  requirement  for  the 
winning  bidder  to  support  open  devices,  applications  and  services,  but 
it  did  not  agree  to  the  most  important  of  Google’s  suggestions:  that  pro¬ 
viding  wholesale  services  be  required. The  FCC  also  said  that  if  it  could 
not  find  a  buyer  at  its  minimum  price,  it  would  drop  its  requirements 
and  rerun  the  auction. 

Google  has  not  said  that  it  will  not  pony  up  the  money  and  provide 
wholesale  services.  It  might,  but  there  is  little  chance  that  the  other 
major  bidders  —  mostly  telephone  companies,  considering  the  FCC 
rules  —  will  do  so.  If  the  telephone  companies  win,  innovation  in  the 
wireless  world  will  run  at  the  speed  of  cell-phone  data  (very  slow,  very 
expensive  or  both)  rather  than  802.1 1  (ever  faster  and  cheaper). 

Disclaimer:  Harvard,  at  371  years  old,  is  unlikely  to  be  faster,  more 
flexible  or  cheaper,  and  it  has  expressed  no  formal  opinion  on  the 
FCC’s  ability  not  to  learn  from  history. 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


NET  INSIDER 

Scott  Bradner 
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Cisco  co-founder  Bosack’s  Next  Big  Thing 


Twenty-three  years  ago,  the  husband  and  wife 
team  of  Stanford  University  computer  support 
staffers  Len  Bosack  and  Sandy  Lerner  founded  the 
most  powerful  and  valuable  company  in  network¬ 
ing:  Cisco  Systems.  Now  CEO  ofXKL,  Bosack  last 
week  rolled  out  what  he  believes  is  another  break¬ 
through  product  for  enterprise  networks.  He  shares  some 
thoughts  with  Network  World  Managing  Editor  Jim  Duffy. 


XKL  was  founded  in  1991  to  do  com¬ 
puter  I/O  and  backplane  research. 

What  made  you  shift  gears  to  optical? 

We  actually  constructed  a  complete  com¬ 
puter  system  that  was  a  much  smaller  form 
factor  replacement  for  a  then-obsolete 
product  made  by  Digital  Equipment, 
which  was  one  of  their  mainframe  sys¬ 
tems.  So  essentially  we  produced  a  half¬ 
rack  unit  system  that  replaced  something 
that  was  the  better  part  of  20  feet  long.  We 
sold  a  few  of  those  to  some  of  the  then- 
remaining  customers. 

By  2003,  it  appeared  as  though  the 
industry  was  ready  to  deliver  on  some  of 
those  promises  [made  during  the  bubble 
years  of  1999-2002]  in  a  way  that  we 
could  see  how  to  build  a  dense  econom¬ 
ical  system  that  could  be  used  by  net¬ 
work  builders  as  opposed  to  just  tele¬ 
phone  companies.  So  we  took  a  lot  of 
the  work  that  we  had  been  doing  and 
tried  to  produce  a  really  dense,  potential¬ 
ly  economical  system.  We  were  making  a 
wager  that  the  optical  component  mak¬ 
ers  could  both  deliver  upon  their  promis¬ 
es  and  that  they  could  actually  do  some¬ 
thing  that  they  were  never  very  good  at 
—  make  the  price  go  down.  And  here  we 
are  almost  four  and  a  half  years  later. 

So  you  see  a  lot  of  press  releases  from 
people  saying  the  bright,  bright  future  is 
here  and  it’s  all  wonderful  and  it’s  easy  to 
do  and  “Gee,  why  aren’t  we  going  from 
40Gbps  to  lOOGbps  because  40G  is  so  yes- 
terday?”That’s  just  not  the  truth. 

So  your  new  DXM  product  is  intended  to 
bring  optics  to  enterprise  network 
builders  with  the  familiarity  of  a  Cisco 
router? 

The  people  that  we  are  probably  going  to 
sell  most  of  these  devices  to  have  multiple 
campuses  that  already  are  buying  multiple 
DS-3s.There  are  three  prongs  to  the  think¬ 
ing  about  this  product.  One  of  them  is  an 


economic  fact:  A  lot  of  fiber  went  into 
the  ground  during  the  bubble  and  [the 
people  deploying  it]  didn’t  really  have  a 
coherent  vision  as  to  what  they  were 
going  to  do  with  it. The  financial  results 
of  that  is  that  the  current  owners  of  these 
bits  of  glass  in  the  ground  can  charge  a 
pretty  reasonable  lease  fee  and  feel  that 
they’re  getting  an  excellent  return  on 
their  invested  capital. 

Another  prong  is,  computers  keep  getting 
faster.  And  what  we  see  is  that  at  these 
speeds  there’s  no  way  in  the  world  that 
humans  are  going  to  be  a  source  of  that. 
It’s  computers  that  do  it.  So  then  comes 
the  observation:  Well,  where  are  the  com¬ 
puters?  Corporations  own  computers  and 
they  have  a  need  to  have  them  talk,  man¬ 
age  them,  back  them  up. . .  .When  there’s 
enough  bandwidth  around  it  changes 
how  you  can  conduct  your  business. 

So  get  all  that  hooked  together  and  do  it 
in  a  way  that  you’re  not  paying  for  45Mbps 
at  a  time  every  month.  It  turns  out, 
because  of  the  finances  of  these  things,  if 
you  go  to  the  trouble  of  running  usually 
just  across  the  parking  lot  to  get  to  the 
fiber,  you  can  get  a  phenomenal  improve¬ 
ment  in  the  cost  per  bit  per  second.  It’s 
not  uncommon  to  see  the  cost  per  bit  per 
second  go  down  by  a  factor  of  100,  or 
even  500,  or  a  factor  of  1 ,000. 

What  price  per  bit,  per  second  are  you 
quoting  to  your  potential  customers? 

I  don’t  think  we  actually  usually  quote  a 
particular  price  but  here’s  how  it  typically 
goes:  A  DS-3  is  usually  a  couple  thousand 
dollars  a  month,  depending  on  where  you 
are  and  where  it’s  going.  For  a  fiber  ring 
around  a  metro  area,  if  you’re  only  stop¬ 
ping  in  three  or  four  places  you  get  a 
monthly  recurring  charge  in  the  $20,000- 
per-month  range.  And  there’s  a  onetime 
cost  to  get  to  the  fiber  rings,  and  it’s  usually 
$20,000  per  location. That’s  when  you  actu¬ 


ally  have  to  dig  a  ditch  to  get  there.  There’s 
the  cost  of  the  equipment,  which  in  our 
case,  for  a  lOOGbps  pizza  box,  is  one-eighth 
of  $1  million,  basically  Four  of  those  are 
$500,000  in  equipment.You  got  yourself 
200Gbps  of  bandwidth  out  of  that. . .  .That 
gives  you  10  cents  per  megabit  per  second. 

You  see  how  the  numbers  come  out. 
Even  if  it  were  10  times  more  expensive, 
it’s  such  a  change  that  it’s  almost  astound¬ 
ing  that  people  shouldn’t  be  running  to 
do  this,  because  it  changes  what  they  do 
in  their  business. They  stop  arguing  about 
a  scarcity. 

Do  you  think  the  DXM  has  the  potential 
to  impact  the  market  or  the  industry  as 
your  first  Cisco  router  did? 

If  anybody  had  claimed  in  1984  that  you 
could  purchase  a  graphically  displayed 
GPS  system  powered  by  batteries  for  $99  or 
less,  no  one  should  have  believed  you.  At 
the  time  you  were  spending  $250,000  for 
two  7-foot  racks,  and  at  best  it  read  out  the 
numbers  on  a  display 

1  can’t  quite  make  predictions  like  that 
it’s  going  to  change  the  whole  world;  it’s 
all  going  to  be  different.The  best  I  know  I 
can  tell  you  is,  when  you’re  getting  band¬ 
width  at  10  cents  per  megabit  per  second 
it’s  really  different  than  what  you  see  now. 

What's  your  impression  of  the  industry 
now  since  founding  Cisco,  and  of  Cisco’s 
influence  in  it? 

Cisco’s  doing  fine.  As  they’ve  grown,  they 
have  a  very  different  business  problem 
today  than  the  ones  that  I’m  interested 
in. They  need  to  be  all  things  to  all  peo¬ 
ple,  ranging  from  friendly  little  things 
that  people  who  ought  not  to  know 
much  about  networking  can  install  in 
their  homes,  to  the  CRS-1.  It’s  good  to 
see  the  benefits  of  broad,  efficient  data 
communications  being  made  available 
around  the  world.  I  just  wish  it  had  gone 
faster. There’s  still  access  problems  (that 
are)  primarily  political,  not  technical.  I 
wish  that  weren’t  true.  I  wish  there  was 
more  uniform,  easy  access  the  world 
round.  But  the  business  largely  has  devel¬ 
oped  very  well.  I’m  a  little  surprised  at 
the  rate  at  which  the  money’s  grown  in 
terms  of  the  size  of  the  business.  I  had 
certainly  expected  by  the  late  1980s  that 
it  was  going  to  be  possible  to  produce 
$100  routers.  But  I’m  not  sure  I  would 
have  guessed  that  there  would  have 
been  $39.95  routers.  ■ 
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_DAY  68:  The  business  climate  is  constantly  changing.  Our 
IT  environment  is  completely  rigid.  We  can’t  align  IT  to 
meet  the  larger  business  needs.  I  told  Gil  we  need  an  SOA 
so  we  can  be  proactive  for  once. 

_Gil  had  an  idea.  He  brought  in  contractors  and  made  the 
entire  office  “modular”  and  “flexible.”  Gil,  I  am  not  a  hamster. 

_DAY  70:  This  should  free  us  up:  IBM  SOA  Solutions  built 
with  IBM  WebSphere®  the  leading  integration  platform. 

Now  we  have  the  hardware,  software  and  services  for  a 
flexible  IT  infrastructure.  IBM  has  helped  3,600  companies 
implement  an  SOA.  And  getting  started  was  easy.  Our 
business  is  built  for  change. 

_I  don’t  have  to  crawl  with  my  coffee  anymore.  It’s  great. 
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SQUEEZING  OUT  EVERY  PRECIOUS  BIT 

In  this  special  package  of  Your  Take  interviews  on  IT  optimization,  learn  how: 

•  Lucasfilm  implements  clustered  computing,  dark  fiber  with  MPLS,  VoIP  andTCP  flow  optimization 
to  punch  up  performance. 

•  CME  Group  keeps  latency  down  to  a  few  milliseconds  on  its  global  trading  network. 

•  Aurora  Healthcare  is  centralizing  resources  and  implementing  WAN  acceleration  to  streamline 
its  network  of  180-plus  sites. 


IT  optimization  the  Lucasfilm  way 

How  the  company  that  created  “Star  Wars”  and  “Indiana  Jones”  wrings  the  most 
out  of  its  10G  Ethernet  network  and  4,000-plus  servers 


Can  you  describe  your  network  setup? 

Peter  Hricak:  For  our  campus  networks  we 
have  three  network  cores,  each  based  on  a 
pair  of  10G  Ethernet  chassis-based  routers 
with  a  total  of  128  10G  ports.  All  desktops  are 
usually  linked  at  1G  to  edge  switches,  which 
we  connect  to  building  distribution  cores 
with  two  10G  interconnects.The  building  dis¬ 
tribution  cores  then  aggregate  to  the  network 
core  with  four  10G  interconnects  each. 
Storage  is  directly  10G  connected;  we  try  to 
get  as  fast  a  path  to  the  storage  as  we  can. 

On  the  WAN,  we  have  two  OC-3’s  connecting 
our  campuses  in  the  Bay  Area  and  another  to 
Singapore.  We  also  have  10G  dark  fiber 
between  two  of  our  Bay  Area  campuses,  as 
well  as  a  10G  dark  fiber  line  to  a  telco  hotel  in 


Kevin  Clark  (left)  and  Peter  Hricak  are  in  constant  optimization  mode  to  help 
Lucasfilm  deliver  blockbusters  like  “Star  Wars.” 


forth,  especially  over  the  wide  area? 

PH: The  essence  of  the  traffic  is  the  work  in 
progress  that’s  being  transferred  and  worked 
on  by  artists  on  a  day-to-day  basis.This  is  gen¬ 
erally  large  image  files,  movies. We  do  frame 
accurate  motion  jpeg  on  our  transmission,  so 
they’re  not  very  compressed.They  are  ren¬ 
dered  at  night  by  a  render  farm  for  ILM.then 
reviewed  the  next  day  and  more  changes  are 
made  and  the  cycle  starts  again. 


What  does  the  render  farm  consist  of? 

Kevin  Clark:  We’ve  got  approximately  4,300 
processors  available  within  the  data  center. 
We  use  a  distributed  rendering  model, so 
we’ve  got  a  core  within  our  data  center  of 
varying  generations  of  systems,  but  primarily 


BY  PAUL  DESMOND 

Lucasfilm  is  the  creative  force  behind  a  host  of  special-effects- 
laden  motion  pictures,  including  the  “Star  Wars, ’’“Indiana  Jones” 
and  “Pirates  of  the  Caribbean”  series.The  firm  has  six  divisions  in 
addition  to  the  parent  company:  Industrial  Light  and  Magic,  the 
special  effects  group;  Lucas  Arts  and  Entertainment,  the  gaming  division; 
Lucasfilm  Animation;  Skywalker  Sound;  Lucas  Licensing;  and  Lucas 
Online.The  company  operates  from  three  locations  in  the  San  Francisco 
area  and  runs  the  Lucasfilm  Animation  facility  in  Singapore. 


As  you  might  expect,  the  demands  on  the  IT 
group  that  serves  the  company’s  1,200 
employees  are  significant,  given  the  comput¬ 
ing  horsepower  it  takes  to  enable  the  likes  of 
Johnny  Depp  to  ward  off  sea  creatures  with 
creepy  octopus-like  heads. 

Kevin  Clark,  director  of  IT  operations  for 
Lucasfilm,  and  Peter  Hricak,  senior  manager 
for  network  and  telecommunications,  explain 
how,  even  with  a  server  farm  of  more  than 
4,000  machines  and  a  WAN  with  lOGbps  links, 
optimization  is  a  must. 


downtown  San  Francisco. 

What  kinds  of  traffic  are  going  back  and 
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dual-core,  dual  [AMD]  Opteron  blades  with 
up  to  16M  of  memory  on  board. We  also  use 
available  workstations  that  are  out  on  the 
floor  [such  as  after  artists  log  off  for  the 
night], Those  are  typically  single-core  or  dual¬ 
core,  dual  Opteron  HP  workstations.  So  the 
render  farm  in  total  comprises  about  5,500 
processors. 

How  does  the  rendering  process  work? 

PH:  We  take  models  and  textures  and 
through  mathematical  equations  —  some¬ 
times  through  off-the-shelf  software,  some¬ 
times  through  our  own  —  we  render  the  final 
images.  On  the  more  difficult  effects  like 
water,  what  goes  in  is  textures  and  some  gen¬ 
eral  physics  equations,  and  what  comes  out  is 
a  two-minute  sequence  of  a  boat  being 
[swamped]  by  a  wave. 

How  do  you  go  about  optimizing  an  environ¬ 
ment  like  that? 

KC:  It’s  kind  of  a  brute  force  approach  in 
that  you  utilize  all  resources  that  are  available. 
Were  looking  at  making  that  process  more 
efficient  by  utilizing  multicore  processors. 
Also,  from  a  power-efficiency  perspective,  our 
render  nodes  are  diskless  blade  servers,  66  of 
them  per  cabinet.The  cabinet  plugs  in  straight 
to  480V  AC  power.  We  convert  that  to  480V 
DC,  then  distribute  48V  DC  to  each  node  in 
the  cabinet. So  were  bypassing  our  PDUs 
[power  distribution  units], There’s  less  energy 
loss  in  stepping  down  directly  from  480  to  the 
nodes  vs.  if  we  step  it  down  to  the  PDUs  at 
240V  and  then  distribute  out  from  there. 

In  terms  of  optimizing  our  storage,  we  do 
deal  with  a  lot  of  storage  online.  It’s  up  to 
about  300TB  online  now,  maybe  just  under.  A 
lot  of  that  is  active  data.  Once  a  shot  is  com¬ 
pleted  and  final,  we’ll  archive  that  and  remove 
it  from  the  storage  cluster.  One  of  the  prob¬ 
lems  that  we  run  into,  these  shows  grow  in 
terms  of  complexity  and  require  more  and 
more  render  and  storage  utilization.  For  exam¬ 
ple,  when  we  did  [“Star  Wars”]  Episode  3, 
back  in  2005,  that  took  up  about  29TB  on  our 
storage  cluster.Tirates”  2  went  up  to  60  and 
“Pirates”  3  went  up  over  100.  So  we’re  really 
trying  to  work  on  how  we  can  be  more  effi¬ 
cient  in  terms  of  workflow  and  our  pipeline 
utilization  so  we  can  get  that  data  offline 
quicker  vs.  just  adding  disk. 

PH:  Another  optimization  effort  is  the  appro¬ 
priate  retirement  of  old  equipment.  We  quick¬ 
ly  realized  that  you  end  up  spending  more  in 
service,  support  and  power  for  what  after 
three  or  four  years  becomes  a  pretty  small 
computer  that  can  be  replaced  with  new 
hardware  that’s  more  efficient.  We  can  replace 
four  racks’  worth  of  equipment  with  one  rack 
of  new  gear. That  clearly  shows  a  savings  on 
the  power  front  year  after  year. 

Do  you  have  a  figure  for  when  your  equip¬ 
ment  is  fully  amortized? 

KC:  We  typically  work  on  a  three-year  cycle 
for  depreciation.  But  we  have  a  refresh  cycle 
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Home  network: 

Four-PC  wireless  network, 
not  includingTiVo. 

“Nothing  extravagant,  but 
it  is  secure.” 

Gigabit  network  with  14  devices,  with 
DSL  to  the  Internet  and  a  [Code 
Division  Multiple  Access]  backup. 
“My  girlfriend  is  also  very  computer¬ 
intensive,  so  most  of  my  network  is 
for  her.  She's  the  one  who  demands 
the  uptime  and  reliability.” 

that  is  much  faster  than  three  years.  We’ll 
refresh  systems  for  a  specific  artist  or  disci¬ 
pline  every  12  months,  sometimes  less. We 
might  be  able  allocate  those  two  older  work¬ 
stations  out  for  a  different  discipline  that’s  not 
going  to  need  the  same  amount  of  memory 
or  the  same  processing  requirements,  or  we 
can  reuse  that  for  some  type  of  administrative 
task. 

What  kinds  of  things  have  you  done  to  opti¬ 
mize  your  wide-area  links? 

PH:  We  have  a  dark  fiber  line  to  a  telco 
hotel.  We  run  a  10G  link  with  virtual  LANs 
and  MPLS,  so  we’re  able  to  bring  in  a  variety 
of  services  on  the  same  link.  We  can  have 
telephony  private  data  to  another  studio,  and 
public  Internet  services  all  running  on  the 
same  high-capacity  pipe. Without  having  to 
build  a  last  mile  for  each  of  these  carriers,  it’s 
much  easier  to  bring  in  services  rapidly  and 
cost  effectively 

What  about  on  the  campus  —  any  network 
optimization  efforts  there? 

PH:  We’re  a  100%  VoIP  shop  at  this  point. 
One  of  the  advantages  that’s  brought  us  is 
that  by  bringing  Power  over  Ethernet  down 
to  the  port,  we’ve  managed  basically  to 
implement  standards-based  power  to  every 
desk,  for  everything  from  access  points  to 
telephone  sets. 

How  are  you  dealing  with  power  and  cool¬ 
ing  issues  in  your  data  centers? 

KC:  We’re  pretty  aggressively  pursuing  virtu¬ 
alization  options  to  reduce  the  number  of 


physical  servers.  I’m  sure  everyone  else  suf¬ 
fers  from  the  same  thing  where  you’ve  got 
maybe  10  different  types  of  servers,  whether 
they’re  FileMaker  or  some  other  type  of 
application,  but  they’re  highly  underutilized. 
We’re  working  on  consolidating  those  where 
we  can.  We’re  also  pretty  aggressively  look¬ 
ing  to  retire  some  older  render  systems  that 
we  know  aren’t  nearly  as  power-efficient. 
We’re  going  to  pull  those  out  and  replace 
about  17  racks  of  [AMD]  Athlon-based  ren¬ 
der  processors  that  are  4  or  5  years  old  with 
a  single  rack  of  the  newest-generation  dual¬ 
core,  and  soon  to  be  quad-core,  dual 
Opteron  blade  render  systems.  So  we  can 
save  both  on  power  efficiency,  as  well  as  the 
heating/cooling  perspective. 

What  kinds  of  things  do  you  do  to  optimize 
the  performance  of  your  various  Web  sites? 

PH:  What  we’ve  done  isn’t  as  much  as 
we’re  planning  on  doing.  We  are  upgrading 
the  hardware,  getting  them  on  a  platform 
with  many  fewer  servers  than  they  current¬ 
ly  have.  We’re  also  looking  at  TCP-flow  opti¬ 
mization  as  well  as  some  caching.  Flow 
optimization  really  helps  the  server  count. 
What  I  was  doing  with  10  servers,  I  can 
now  do  with  four.  That’s  just  through 
straight  TCP  optimization  of  the  protocol, 
keeping  connections  open  instead  of  clos¬ 
ing  them  down  all  the  time. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 
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Information  Management 


_DAY  53:  We’re  flooded  with  information.  Data.  E-mails. 
Web  content.  Video.  It’s  trapped  in  unconnected  systems. 
It’s  practically  inaccessible.  We  need  to  do  something. 

_Gil  needs  help  finding  the  right  info,  but  I  specifically 
listed  “fear  of  heights’’  as  a  weakness  during  my  last  review. 

_DAY  54:  The  answer:  IBM  solutions  for  leveraging  information. 
They  can  help  us  build  a  high-performance  infrastructure  to 
bring  info  together,  up  and  down  the  stack.  IBM  middleware 
consolidates  critical  structured  and  unstructured  info 
across  the  silos  for  a  single,  unified  view.  IBM  servers 
and  storage  give  us  virtualization  for  improved  utilization. 

_Now  we  can  make  better  decisions  with  our  info.  I  feel  so 
much  more  grounded  now. 
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On  CME  Globex,  milliseconds  matter 

Optimizing  its  global  trading  network  helps  CME  Group  conduct  trades  faster  and 
keep  up  with  ever-increasing  demand 


BY  PAUL  DESMOND 

CME  Group  is  the  world’s  largest  exchange,  with  trading  volume  aver¬ 
aging  more  than  1 1  million  contracts  per  day  in  July  2007.  Formed 
by  the  recent  merger  of  Chicago  Mercantile  Exchange  Holdings  with 
CBOT  Holdings,  the  company  offers  a  marketplace  to  trade  products 
that  range  from  agricultural  goods  to  real  estate  investments. 


Nearly  80%  of  all  trading  occurs  on  the 
CME  Globex  electronic  trading  network. 

Joe  Panfil,  director  of  enterprise  technology 
services  for  CME  Group,  explains  how  opti¬ 
mizing  his  IT  environment  helps  him  keep 
up  with  the  dramatic  increase  in  demand. 

Electronic  trading  at  CME  has  seen  a  com¬ 
pound  annual  growth  rate  of  300%  since 
2000.  How  do  you  keep  up  with  that  kind  of 
growth? 

The  way  we’ve  dealt  with  it  is  we’ve  been 
on  the  leading  edge  of  WAN  connectivity. 
Where  we  used  to  use  a  56K  line,  we’re 
offering  our  customers  20M  and  40M 
circuits. 

Who  are  your  customers? 

Big  banks,  big  FCMs  [futures  commission 
merchants] ,  UBS,  JP  Morgan,  Morgan 
Stanley,  those  types. 

Can  you  walk  through  the  network  setup? 
I  understand  you  ’ue  got  three  major  data 
centers  in  the  Chicago  area,  another  in 
London,  plus  six  hub  sites  throughout 
Europe  and  another  hub  in  Singapore. 

Right.  Our  remote  facilities  are  all  con¬ 
nected  by  multiple  diversely  routed  [dense 
wavelength  division  multiplexing]  rings. 
Each  ring  is  equipped  with  multiple  load- 
balanced  10G  Ethernet  links.  The  rings  are 
configured  to  provide  maximum  resiliency 
with  minimal  transport  latency.  We’re  in  the 
microseconds  when  we  talk  about  going 
between  data  centers. 

How  many  sewers  do  you  have? 

We’re  at  about  3,600  servers.  We  count 
one  system  as  a  server,  but  one  system 
could  have  16  CPUs.  Of  the  3,600,  about 
3,200  are  Unix  and  Linux,  with  Linux  being 
80%.  And  the  rest  are  Windows  and  Novell 
servers.  And  we  have  approximately  18 
Tandems. 

Last  year,  Network  World  wrote  that  trades 
execute  in  50  to  60  milliseconds  on  aver¬ 


age,  down  from  about  140  millisec  in 
January  2004.  What  kind  of  work  have  you 
done  in  optimizing  performance  to  get  those 
kinds  of  numbers? 

We  have  new  numbers  now.  On  our 
options  platform,  we’re  using  a  different 
type  of  engine.  It’s  in  the  range  of  3  to  5  mil¬ 
liseconds  for  matching,  so  it’s  a  lot  faster. 

On  futures,  we’re  on  the  same  platform  we 
were  on,  but  now  we’re  in  the  20-  to  35- 
millsecond  range.  So  on  each  platform,  we 
increased  our  speeds  and  dropped  our 
latencies. 


With  the  futures  engine,  it’s  been  centered 
mostly  around  optimizing  the  code.  We 
always  go  to  new  hardware  when  a  manu¬ 
facturer  has  newer,  faster  hardware.  But 
beyond  that,  it’s  how  quick  we  can  make 
the  code  that  does  the  [trade]  matching. 

Do  you  do  anything  to  the  machines  them¬ 
selves  to  try  to  optimize  them? 

Outside  of  code  optimization,  we  do 
everything  possible  for  operating  system 
optimization  and  then  all  the  peripherals. 
For  critical  parts  of  data  that  we  write  to 
often,  we’re  in  the  process  of  moving  those 
blocks  of  data  to  solid  state  storage  arrays. 
[Editor’s  note:  Solid-state  storage  is  based 
on  integrated  circuits,  requires  no  moving 
parts  and  is  typically  faster  than  tape  or 
optical  storage  mediums.]  We  already  do  it 
on  the  options-based  engine,  and  we’re 
starting  to  do  it  on  the  futures-based 


For  Joe  Panfil,  optimization  comes  down  to  simple  mathematics:  If  he  can 
help  make  trades  happen  faster,  CME  Group  can  process  more  trades. 
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engine.The  futures-based  engine  is  based 
on  a  Tandem  platform.  We  were  one  of  the 
first  customers  in  the  world  to  start  using 
SAN  storage  on  that  platform.  So  between 
SAN  and  the  solid-state  arrays,  all  the  talk¬ 
ing  between  any  storage  is  greatly 
increased  in  speed. 

What  other  steps  are  involved  in  optimiz¬ 
ing,  such  as  with  the  OS? 

It’s  a  matter  of  distributing  resources  as 
you  need  them. There’s  kernel-tuning 
parameters  that  are  adjusted,  plus  things  in 
the  TCP/IP  layer.  It’s  tweaks  here  and  there. 
We  do  a  lot  of  [processing]  in  memory.  I 
don’t  think  it’s  a  secret  that  you  do  stuff  in 
memory;  it’s  quicker  than  doing  it  out  to 
disk,  even  if  it  is  SAN  and  solid-state 
storage. 

Optimization  also  extends  to  reliability 
and  CME's  trading  systems  are  rated  at  five 
9s  reliability.  What  are  some  of  the  key  steps 
you 've  taken  to  achieve  that? 

The  key  step  is  we  have  a  team  that 
reviews  single  points  of  failure,  and  we 
eliminate  them.  When  you  start  with 
Tandem,  the  hardware  itself  is  redundant. 

In  the  Linux  world,  we’ll  have  multiple 
servers  that  are  clustered,  so  you  have 
redundancy  there.  And  then  it  just  works  its 
way  back.  If  I  have  a  switch,  and  I’m  talking 
between  the  order  engine  environment 
and  the  match  engine  via  one  path,  the 
backup  path  for  that  engine  and  for  that 
order  entry  environment  is  going  to  be  on 
a  totally  separate  network  switch.  So  we 
could  in  essence  lose  a  whole  network 
switch,  and  we  should  have  failover  within 
seconds  to  the  backup  path. That’s  what  we 
do  across  the  board.  For  every  server,  let’s 
say  a  gateway  server,  there’s  a  backup  hot 
gateway  server.  And  we’re  using  a 
publish/subscribe  protocol,  so  if  we  have  a 
failure  of  a  primary  server,  the  secondary 
server  automatically  starts  reading  that 
data  and  passing  it  on. 

What  kinds  of  power  and  cooling  issues 
are  you  facing  in  your  data  centers? 

We  built  our  two  main  data  centers  with 
power  and  cooling  redundancy  in  mind, 
but  also  a  high  power  rating  per  square 
foot.  We’re  leveraging  new  Liebert  XDO 
[rack-cooling]  technology  that  does  cool¬ 
ing  from  above,  with  a  liquid  vs.  an  outside 
cooling  source.  We  have,  like,  the  first  10 
serial  numbers  that  they  started  to  make. 

We  stay  on  top  of  all  this  stuff. 

As  far  as  saving  money,  we  have  one  data 
center  equipped  to  process  outside  air. 
We’re  able  to  shut  off  the  air  conditioners 
for  most  of  the  winter  because  we  just  take 
the  outside  air  that’s  already  cool  and 
process  it,  to  control  things  like  dust  and 
humidity,  and  use  it  within  the  data  center. 

To  what  extent  are  you  using  virtualization 
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Title:  Managing  director  of  enterprise  technology  services 


Organization: 

CME  Group 

Responsibilities: 

Computer  operations,  distributed  computing  environment,  storage, 
monitoring  group,  information  security  and  data  center  staff. 

Annual  budget: 

Undisclosed,  other  than  to  say  CME  Group  spends  90%  of  its 
capital  budget  each  year  on  IT. 

IT  staff: 

About  600  total,  120  in  his  group 

Previous  jobs: 

IT  positions  atTradelink,  a  trading  firm,  for  seven  years;  First 
Option  of  Chicago  for  one  year;  and  Rich,  a  trading  system  company, 
for  three  years. 

First  PC: 

Atari  520ST 

Home  network: 

Four  computers  wired  to  a  switch,  which  is  connected  to  a  router 
linked  to  the  Internet.  “We  built  the  house  four  years  ago  and  had 
all  the  rooms  wired  with  CAT-5." 

Words  to  live  by: 

Always  do  what's  right  for  the  customer. 

to  help  optimize  your  environment? 

We’re  doing  that  more  in  our  develop¬ 
ment  environments.  We  have  real  critical 
requirements  for  our  production  systems.  In 
essence,  I  could  have  a  production  system 
running  at  5%  CPU  use,  and  the  [govern¬ 
ment  releases]  the  unemployment  number 
and  there’s  a  big  change  and  [use]  jumps 
to  75%.  Let’s  say  I  was  running  four  virtual 
servers  on  that  box  and  they  all  had  that 
jump. The  CPU  would  get  flooded  and  run 
out  of  cycles  to  give  out  and  the  user 
would  experience  latency. That’s  unaccept¬ 
able  in  our  world.  But  in  our  development 
and  QA  environments,  it’s  acceptable  to  do 
virtualization. 

What  kind  of  benefit  has  that  given  you? 

We  are  in  the  middle  of  doing  it.  We  esti¬ 
mate  we’re  going  to  knock  down  our  devel¬ 
opment  and  [quality-assurance]  environ¬ 
ments  by  about  50%.  It’s  about  400  servers 
now. 

Whose  virtualization  software  are  you 
using? 

We’re  using  two  pieces  right  now:  Xen 
from  Redhat  Linux  and  Sun  Solaris 
Containers. 

What  other  steps  have  you  taken  to  opti¬ 
mize  your  IT  environment? 

A  big  push  that  we’ve  made  over  the  last 
couple  of  years  is  to  really  get  off  of  propri¬ 
etary  hardware  and  get  on  to  x86,  Intel  and 
AMD-based.  We  try  to  not  focus  on  a  single 
vendor.lt  could  be  HRDell  or  IBM. We  don’t 
really  discriminate.  It’s  what  vendor  can 
meet  our  specs  and  is  giving  us  a  good 
price. 

Lots  of  people  like  to  go  with  the  same 
vendor  to  ease  management,  procurement 


and  the  like.  How  do  you  deal  with  some  of 
those  issues  given  that  you  prefer  to  use 
multiple  vendors? 

We  have  a  spec  that  we  wrote  and  have 
basically  given  the  spec  to  all  the  vendors. 
We’re  looking  for  them  to  design  to  that 
spec,  which  is  along  the  lines  of  a  Linux¬ 
centric  server.  A  lot  of  vendors  were  taking 
the  boxes  that  they  were  building  for 
Windows  and  saying, ‘OK,  you  can  start 
using  it  for  Linux.’ And  it  was  missing  things 
like  management,  even  things  like  hardware 
alerts.  We  work  really  closely  with  the  man¬ 
ufacturers  and  push  them  to  get  what  we 
want. 

How  quickly  do  you  amortize  a  typical 
system  ? 

I  think  we  were  on  a  three-year  cycle.  But 
with  our  electronic  trading  environment  it’s 
probably  closer  to  18  months,  because 
when  new  hardware  comes  along,  we  can 
get  benefit  out  of  that.  What  we’ve  found 
historically  is  that  when  we  make  the  elec¬ 
tronic  trading  environment  faster,  more 
trades  happen.  We’re  not  saying  more 
trades  happen  because  we’re  faster;  we’re 
just  enabling  it  to  happen.  If  each  trade 
took  a  second,  and  you  had  one  user  put¬ 
ting  in  trades,  they  could  get  60  in  a 
minute.  If  you  cut  that  down  to  a  half-sec¬ 
ond,  they  could  get  120  trades  in.  If  your 
user  base  stays  the  same  and  your  time 
stays  the  same,  then  you’re  going  to  reach 
some  limit  as  to  how  many  trades  you  can 
have.  Because  we  keep  trimming  the  time 
back,  we  keep  coming  to  a  new  record 
quarterly. 

Desmond  is  events  editor  for  Network 
World  and  president  of  PDEdit,  an  IT  pub¬ 
lishing  company  in  Southborough,  Mass. 
Reach  him  at  paul@pdedit.com. 
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.INFRASTRUCTURE  LOG 

_DAY  56:  Our  voice  and  data  networks  are  out  of  control. 
Nothing’s  unified.  Nothing’s  integrated.  We  have  to  use 
different  devices  for  different  things.  Gil’s  had  enough. 

_He’s  welding  every  device  in  the  office  together  with 
a  blowtorch.  He  calls  it  “The  Unifier.” 

_DAY  57:  I  found  a  better  way:  Unified  Communications  and 
Collaboration  solutions  from  IBM.  Now  we  can  integrate 
our  networks  to  give  us  real-time  access  on  virtually  any 
device.  With  the  IBM  Lotus®  Sametime®  7.5  platform  we  get 
way  more  than  IM.  It  combines  IP  Telephony,  Web  conferencing 
and  more  into  a  single  interface.  We’re  working  fast  and 
for  less. 

.Does  this  mean  our  office  is  no  longer  a  hard-hat  zone? 
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Aurora  preps  for  a  wholesale  change 
in  network  strategy 

Large  Wisconsin  healthcare  provider  explores  a  centralized  server  strategy  and 
WAN  acceleration  to  optimize  its  network  of  180-plus  sites 


BY  PAUL  DESMOND 

urora  Health  Care  employs  more  than  25,000  people,  making  it 
the  second-largest  private  employer  in  Wisconsin.  Aurora  IT 
serves  more  than  180  facilities  in  the  eastern  part  of  the  state, 
mostly  health  clinics  of  varying  sizes,  but  also  13  hospitals, 
including  Aurora  St.  Luke’s  Medical  Center  in  Milwaukee,  the  state’s 
largest  private  hospital. 


Charged  with  keeping  Aurora’s  network 
and  applications  healthy  is  an  IT  group  that 
numbers  about  600,  including  Greg  Ragsdale, 
a  senior  enterprise  network  engineer.  Rags¬ 
dale  explained  some  of  the  steps  Aurora  is 
taking  to  optimize  the  network  and  get  the 
most  out  of  the  staff  of  15  that  maintains  it. 

Can  you  describe  your  network  setup? 

We  are  set  up  in  a  hub  and  spoke  environ¬ 
ment.  We  have  five  regional  hubs  that  split 
the  state  up  geographically.  Four  of  them  are 
hospitals,  the  other  is  our  data  center,  which 
serves  as  the  regional  hub  in  the  metro 
Milwaukee  area.  Each  of  our  clinics  and  hos¬ 
pitals  connect  to  one  of  the  hubs  and  we  tie 
in  pharmacies  using  a  frame  relay  MPLS  net¬ 
work.  Everything  ultimately  comes  back  to 
our  core  data  center  in  Milwaukee. 

We  do  everything  Ethernet  on  the  LAN 
side,  everything  from  100M  bit  to  Gigabit, 
with  a  little  bit  of  lOG.In  our  WAN,  we  have  a 
few  DSL-connected  sites  —  about  a  dozen 
and  half  of  those,  which  we  connect  to  the 
data  center  using  secure  VPN  tunnels  over 
the  Internet. The  majority  of  our  clinics  use  T- 
1  or  multiples  thereof;  we  have  some  that 
have  two  or  three  T-ls  aggregated  together.  All 
of  our  regional  hubs  are  fed  by  DS3s.We 
have  four  hospitals  in  the  Milwaukee  area 
that  are  connected  via  metropolitan  Gigabit 
Ethernet.  Our  largest  facility,  St.  Luke’s 
Medical  Center,  which  is  less  than  a  half  mile 
away  from  our  corporate  officers  fed  by  10 
Gigabit. 

What  kinds  of  traffic  are  going  back  and 
forth? 

The  bulk  of  it  is  electronic  charting,  from 
our  medical  records  application. There’s  also 
scheduling  and  billing  information  as  well  as 
administrative  apps  like  e-mail,  Internet 
access,  and  file  and  print  services.The  other 
big  one  is  medical  imaging  —  MRI  scans,  CT 


scans,  things  like  that.  We  don’t  have  that 
everywhere,  but  it’s  being  pushed  out  to  clin¬ 
ics  more  and  more.  We’re  seeing  even  small¬ 
er  clinics  getting  64-slice  [high-resolution] 

CT  scanners  —  very  sophisticated  equip¬ 
ment  that  creates  very  large  images.  We 
archive  the  images  in  our  core  data  center 
and  need  to  provide  access  to  the  local  radi¬ 
ologists  and  doctors  in  the  clinics.The 
images  have  to  be  diagnostic  quality  And  we 
also  have  radiologists  on  call.  So  if  a  patient 
comes  into  the  hospital  in  the  middle  of  the 
night  and  has  to  have  an  image  taken,  the 
radiologist  needs  to  be  available  to  read  that 
right  away,  so  they’re  typically  connected  at 
home  via  DSL  or  cable  modem. That’s  also  a 


challenge  for  us,  getting  those  images  out  to 
them  quickly  for  diagnosis. 

What  do  you  do  to  optimize  your  network 
links? 

We  have  implemented  a  standard  quality- 
of-service  policy  for  all  our  remote  sites. 
Today  it’s  simply  class-based  queuing.  We’re 
using  a  percentage-of-bandwidth  approach 
to  guarantee  delivery  to  some  applications, 
such  as  the  electronic  medical  records,  and 
restrict  bandwidth  to  others,  such  as  back¬ 
ups,  which  we  limit  during  normal  operating 
hours. 

We  are  evaluating  consolidating  our  servers 
to  a  centralized  site.  So  we  would  remove 
local  file  and  print  servers  from  each  remote 
site  [and  operate  them  in  the  data  center 
instead] .  In  order  to  do  that,  we  have  to  make 
sure  the  WAN  can  handle  the  traffic.  So  WAN 
optimization  is  playing  a  heavy  role  in  that. 

What’s  the  idea  behind  centralizing  all  of 
your  file  and  print  servers? 

Getting  all  those  servers  bundled  together 
with  a  centralized  group  taking  care  of  them 
will  create  efficiencies.  It  provides  a  single 


Greg  Ragsdale  is  looking  at  a  centralized  server  strategy  and  WAN 
optimization  tools  to  help  keep  Aurora  Health  Care’s  network  humming. 
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point  of  administration,  removes  some  com¬ 
plexity  and  reduces  the  turnaround  time  for 
adding  new  users,  modifies,  deletes,  things 
like  that. 

It’s  going  to  be  a  lot  easier  from  a  server 
administrator  standpoint  if  we’re  able  to  elim¬ 
inate  file  and  print  servers  at  more  sites  and 
just  have  WAN  accelerators  in  place. They 
require  a  lot  less  maintenance  and  upkeep  to 
worry  about  than  with  file  servers.  Not  just 
maintenance  of  the  server  itself,  but  making 
sure  the  operating  system  is  patched  right, 
backups  are  done,  everything  like  that. 

What  are  some  of  the  WAN-acceleration 
technologies  you’re  exploring ? 

We’ve  looked  at  several  different  products. 
The  vendors  we’re  looking  at  all  seem  to  do  it 
pretty  similarly  One  of  the  two  common  ways 
to  do  it  is  to  plug  the  accelerator  in-line  with 
your  router  in  your  local-area  network.The 
other  is  to  run  it  out-of-band,  using  the  WCCP 
protocol,  or  Web  Cache  Communication 
Protocol.That  was  a  proprietary  Cisco  proto¬ 
col  but  it  has  become  a  de  facto  standard. 
Some  vendors  say  we’ll  do  both  but  we  prefer 
one  over  the  other.  But  they  all  pretty  much 
come  down  to  caching  files  and  data  pat¬ 
terns  on  the  remote  side.They  analyze  bit  pat¬ 
terns  to  find  patterns  that  repeat  [and  can  be 
taken  out  and  cached.]  1  look  at  it  as  kind  of 
the  ultimate  in  recycling. 

Have  you  tested  any  of  the  WAN  accelera¬ 
tors? 

We  have  one  product  in  at  one  location.  We 
did  it  as  a  pilot  for  a  Sybase  database  applica¬ 
tion  for  the  visiting  nurse  arm  of  our  services. 
These  nurses  carry  laptops  with  them  and 
they  go  out  and  visit  people  at  home.  They 
have  to  download  a  copy  of  the  database. 

The  database  has  grown  to  6GB  or  7GB,  so 
they  were  having  a  hard  time  getting  that 
done  in  a  timely  manner.  Initially  the  WAN 
acceleration  product  worked  very  well  —  we 
saw  upwards  of  85%  of  all  the  data  being 
cached  locally,  which  greatly  improved  their 
performance.  But  [for  Health  Insurance 
Portability  and  Accountability  Act  compli¬ 
ance]  that  database  has  now  moved  to 
encrypted  technology  that’s  proprietary  to 
the  database  —  it’s  not  SSL  or  one  of  the 
open  standards.  So  now  the  percentage  of 
data  being  cached  locally  is  only  in  the 
teens. 

Is  there  any  solution  for  that? 

We  don’t  have  a  solution  in  place  at  this 
time.  Part  of  it  is  the  nature  of  the  application. 
Sybase  is  doing  their  own  encryption  and 
they  won’t  divulge  details  of  what  they  do.  So 
there  isn’t  any  product  out  there  today  that 
can  help  with  that.  [The  WAN  acceleration 
vendor  is]  looking  at  doing  some  upgrades, 
but  nothing  in  the  immediate  future. 

A  couple  of  the  vendors  we’re  looking  at  do 
offer  acceleration  for  encrypted  traffic,  but  it’s 
all  SSL-based. That’s  going  to  be  key  because 
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Title: 

Senior  enterprise  network  engineer 

Responsibilities: 

One  of  several  on  the  team  responsible  for  routing,  switching, 
wireless,  WAN  circuits,  design  and  maintenance  of  the  network, 
troubleshooting,  DNS  and  DHCP  services  and  security  services. 

Previous  jobs: 

Network  engineer  at  CVS  pharmacy 

Education 

B.S.  in  Business  Management,  Milwaukee  School  of  Engineering. 

First  PC: 

Commodore  64 

Home  network: 

Wireless  LAN  with  a  Mac  and  two  laptops 

First  experience 
with  the  Internet: 

First  IT  job  was  working  the  help  desk  at  college  in  the  mid- 
1990s,  using  the  Mosaic  browser. 

our  applications  are  moving  more  to  the 
encrypted  world.  But  with  this  Microsoft  proj¬ 
ect  the  bottom  line  comes  down  to  this:  We 
either  put  WAN  accelerators  at  each  site  or 
we  put  local  file  and  print  servers  at  each 
site. The  cost  differential  for  100-plus  sites  can 
be  pretty  big. 

Do  you  have  a  ballpark  figure  on  what  that 
cost  differential  is? 

You  have  to  talk  total  cost  of  ownership. We 
can  put  a  single  appliance  at  the  site  for  WAN 
optimization  or  acceleration  and  it’s  man¬ 
aged  centrally  by  our  group.  Or  you  have  a 
local  file  server  which  has  to  be  maintained 
and  backed  up,  so  you  have  to  account  for 
storage  space  on  a  [storage-area  network]  or 
tapes  or  whatever.  Plus  there’s  the  mainte¬ 
nance  and  upkeep  of  the  server  itself.  Putting 
hard  numbers  against  it,  list  price  on  most  of 
the  remote  side  WAN  accelerators  is  between 
$7,000  and  $10, 000. You  can  probably  put  a 
low-end  server  out  for  around  $5,000.  But 
then  accounting  for  disk  space  on  a  SAN, 
bandwidth  used  for  backups  and  things  like 
that,  it  comes  out  to  much  more. 

What  kinds  of  things  do  you  do  to  ensure 
your  switches  and  routers  are  optimized 
and  running  at  peak  performance? 

We’re  a  very  heavy  user  of  [CA]  Spectrum. 
Everything  we  control  and  have  responsibility 
for  is  monitored  by  Spectrum  —  switches, 
routers,  wireless  access  points,  any  sort  of 
appliances  that  we  have.  We  don’t  just  use  it 
for  up/down  alarming.  On  our  WAN  circuits, 
we  watch  bandwidth  utilization.  We  have 
thresholds  such  that  if  bandwidth  rises  above 
a  certain  percentage,  Spectrum  will  send  e- 
mails  to  alert  us.Then  we  can  track  and  trend 
those  over  time  and  explore  whether  we 
need  to  add  bandwidth. 

Also  within  our  network  team  we’ve  formed 
a  couple  of  subgroups,  including  a  standardi¬ 
zation  group.  We  meet  monthly  and  go  over 
everything  from  firmware  versions  on  routers 
and  switches,  access  points  and  such  to  stan¬ 
dardized  configurations,  standardized  nam¬ 
ing  conventions,  that  kind  of  thing.  We  make 


recommendations  for  improvements.  We  also 
have  an  outage  review  group  that  meets  week¬ 
ly  to  track  all  of  our  outages.  If  a  circuit  drops, 
if  a  router  or  switch  dies,  we  track  all  of  that 
and  look  at  the  previous  week’s  outages  to 
determine  what  happened. Then  we  look  back 
over  the  last  few  weeks  to  identify  trends. 
Maybe  that  leads  us  to  find  a  bug  in  the 
firmware.  We  do  periodic  checks  of  the  latest 
firmware  releases  from  all  of  our  vendors.  We 
don’t  necessarily  want  to  always  be  on  the  lat¬ 
est  and  greatest,  but  we  always  want  to  look 
and  see  if  there  are  known  bugs  that  have 
come  up,  security  vulnerabilities  or  if  there’s  a 
new  feature  we  need  or  would  like  to  take 
advantage  of. We  try  and  fold  that  into  the  stan¬ 
dards  group,  so  once  a  month  we’re  taking  a 
look  at  firmware  releases  from  all  our  vendors. 

What  other  optimization  efforts  have  you 
undertaken? 

Recently  we’ve  made  some  changes  to  our 
change  control  process.  As  an  IT  group,  a  sug¬ 
gestion  came  out  of  an  audit  we  had  done  a 
year  ago,  so  we  made  some  changes  there. 
Everything  we  do  is  logged  and  tracked,  and 
our  management  looks  at  [the  change 
reports] . 

What  kind  of  modifications  did  you  make  in 
your  change  management  approach? 

We  have  updated  our  existing  change  con¬ 
trol  process  using  IT1L  [IT  Infrastructure 
Library]  best  practices  as  a  foundation, 
including  the  creation  of  a  Change  Advisory 
Board.  We’ve  made  improvements  in  change 
categorization  and  process  flow,  added  more 
consistency  to  our  management  review  and 
approval  processes,  and  we’ve  improved  our 
internal  audit  process  to  ensure  compliance. 
We’ve  also  made  updates  to  our  change  con¬ 
trol  tracking  application  to  reflect  these 
process  changes  and  to  provide  a  single  tool 
used  by  all  of  IS. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 
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.INFRASTRUCTURE  LOG 


_DAY  25:  Our  ad  hoc  security  solutions  are  out  of  control. 
We’re  not  prepared  for  new  threats.  We’re  always  playing 
catch-up.  We’re  leaving  ourselves  vulnerable  and  exposed. 

.Gil’s  had  a  security  epiphany:  high-powered  lasers. 
They’re  everywhere.  I  keep  zapping  myself  as  I  type. 

.DAY  26:  I’m  taking  back  control  with  an  end-to-end  security 
solution  from  IBM.  Their  security  service  experts  can 
come  in  and  help  us  assess  our  security  needs.  IBM  Tivoli® 
helps  us  monitor  and  respond  to  threats  while  managing 
access  to  our  critical  information.  And  the  IBM  System  z™ 
mainframe’s  encryption  and  multilevel  security  features 
are  legendary. 

.That’s  great.  But  it  won’t  bring  back  my  left  sideburn. 


IBM.COM/TAKEBACKCONTROL/SECURITY 


OLEAR  CHOICE  TEST  APPLICATION  ACCELERATION 


Application  acceleration: 
Making  Windows  go  fast 

Tests  show  big  bandwidth  savings,  faster  transfer  times 


BY  DAVID  NEWMAN,  NETWORK  WORLD  LAB  ALLIANCE 

Imagine  walking  into  the  CIOs  office  tomorrow  and  saying,“I  can  cut 
our  WAN  consumption  by  as  much  as  80  times,  speed  file  transfers 
as  much  as  45  times  and  make  our  Windows  users  a  whole  lot  hap- 
pier.”Think  youd  get  the  CIO’s  attention? 

Those  aren’t  just  idle  claims.  Seven  months  of  rigorous  testing  showed  us 
why  application  acceleration  is  such  a  hot  area:These  devices  really  work. 

We  tested  boxes  from  Blue  Coat  Systems,  Cisco,  Riverbed  Technology 
and  Silver  Peak  Systems  in  a  true  enterprise  context,  with  a  massive  test 
bed  pushing  data  over  multiple  T-3  and  T-l  links  (see  “How  we  did  it,” 
page  54).  After  pounding  the  systems  with  the  most  popular  enterprise 
applications,  we’re  inclined  to  believe  the  hype. 

Even  if  average  speedups  are  “only”  around  five  to  10  times,  that’s  still 
a  big  improvement.  With  31%  of  IT  budgets  eaten  up  by  recurring 
monthly  WAN  costs,  according  to  a  recent  Nemertes  Research  study, 
application  acceleration  promises  potentially  huge  cost  savings. 

Riverbed’s  Steelhead  appliances  outperformed  the  field  in  most 
tests,  and  won  our  Clear  Choice  award.  But  all  these  devices  deserve 
serious  consideration:  Blue  Coat’s  SG  appliances  for  solid  HTTP  opti¬ 
mization;  Cisco’s  Wide  Area  Application  System  (WAAS)  for  excellent 
compression,  traffic  transparency  and  interoperability  with  other 
devices;  and  Silver  Peak’s  NX  appliances  for  strong  scalability  and  intu¬ 
itive  traffic  reporting  tools. 

Why  is  Windows  so  badP 

The  problem  statement  for  application  acceleration  is  simple:  Win¬ 
dows  performance  in  the  WAN  is  lousy  To  begin  with,  Windows’  two 


workhorse  protocols  —  TCP  and  NetBIOS  —  were  never  intended  for 
use  in  low-bandwidth  or  high-delay  networks.  Windows  XP  Service 
Pack  2  compounds  these  problems  with  some  spectacularly  subopti- 
mal  configuration  defaults.  (Windows  Vista  is  better,  but  it  isn’t  widely 
implemented  yet.) 

By  default,  XP’s  TCP  stack  advertises  a  receive  window  —  the  max¬ 
imum  amount  of  data  allowed  in  flight  without  acknowledgment  — 
of  64KB.That’s  fine  as  far  as  it  goes,  but  XP  isn’t  very  responsive  about 
resizing  that  window  in  response  to  loss  or  delay  A  large,  static 
receive  window  contributes  to  retransmissions,  possible  packet  loss 
and  poor  response  time. 

To  make  matters  worse, XP  doesn’t  use  a  common  TCP  option  called 
window  scaling  that  can  expand  a  64KB  receive  window  by  a  factor  of 
four  or  more.  Even  when  network  conditions  let  XP  go  much  faster,  it 
won’t.  (There  is  a  registry  hack  to  enable  window-scaling,  but  even 
then,  it  isn’t  used  by  the  Windows  filehandling  protocol.) 

WAN  performance  is  always  limited  by  the  so-called  bandwidth-delay 
product,  but  the  constraints  with  Windows  clients  are  especially  severe. 
For  example,  if  a  link  between  Boston  and  Los  Angeles  has  a  100-msec 
round-trip  delay  and  the  Windows  TCP  receive  window  is  64KB,  the  high¬ 
est  transmission  rate  possible  is  only  around  5.6Mbps,  regardless  of  link 
speed.  Ordering  up  a  T-3  or  OC-3  connection  won’t  help,  at  least  not  for 
any  given  Windows  TCP  connection;  5.6Mbps  is  as  good  as  it  gets. 

WAN  acceleration  devices  compensate  for  these  shortcomings  with 
a  variety  of  tricks,  including  block  caching,  compression,  connection 
multiplexing  and  application-layer  optimization.  While  not  all  devices 

See  App  acceleration,  page  46 


NETRESULTS 

Product  Steelhead 


Wide  Area  Application 

System  (WAAS)  NX  appliances  SG8100,  SG200,  Director 


Vendor 

Riverbed  Technology 
www.riverbed.com 

Cisco  Systems 
www.cisco.com 

Silver  Peak  Systems 
www.silver-peak.com 

Blue  Coat  Systems 
www.bluecoat.com 

Version 

tested 

4.0.0a 

4.0.12. b33 

2.0.0.0J5619 

5.1.4.21.29594 

Price 

Steelhead  5520,  $70,000; 
Steelhead  3520,  $45,000; 
Steelhead  1020,  $12,500; 
Central  Management 

Console  8000,  $5,000. 

Total  as  tested,  $190,000, 

WAE-7371,  $120,000;  WAE- 
612,  $22,000;  WAE-512, 

$14,800;  Central  Manager, 
$11,800. 

Total  as  tested,  $303,400. 

NX-7500,  $65,000;  NX-5500, 
$45,000;  NX-2500,  $10,000; 
GX-1000,  $10,000. 

Total  as  tested,  $185,000. 

SG8100,  $51,200;  SG200, 
$5,500;  Director,  $18,000. 

Total  as  tested,  $182,700. 

Pros 

Top  performer;  excellent 
reporting;  easy-to-use 
interface. 

Strong  in  CIFS  performance, 
compression,  concurrent 
connections;  good  reporting 
via  new  dashboard. 

Long  list  of  predefined 
application  types;  good 
reporting;  easy-to-use 
interface. 

Long  list  of  optimized 
applications;  strong  SSL 
performer. 

Cons 

External  marking  required 
for  QoS  tests;  SSL  opti¬ 
mization  not  supported  yet. 

Sped  up  HTTP  less  than 
some  other  devices;  SSL 
optimization  not  supported 
yet. 

Performance  in  some  tests 
didn't  match  vendor's 
results, 

Some  software  issues  in 
testing;  central  manage¬ 
ment  not  as  unified  as  in 
others. 

Score 

4.65 

4.43 

4.31 

3.85 
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Liebert  expertise 


just  another  reason  why  Emerson  Network  Power  is  the  global  leader 
in  enabling  Business-Critical  Continuity. w 


Emerson.  Business-G  itical  Continuity  and  1  ieber  t  are  trademarks  of  Emerson  Electric  Co.  or  one  of  its  affiliated  companies.  ?'Mp7  Emerson  Electric  Co. 


EMERSON 

Network  Power 


For  us,  it’s  about  making  sure  you  don’t  need  one. 


Power  and  cooling  have  become  critical  to  effective  IT  management.  But  do 
you  really  need  to  know  how  to  convert  kilowatts  to  BTUs,  or  understand 
how  resonant  converter  technology  increases  UPS  efficiency? 

With  a  network  of  local  representatives  that  average  more  than  20  years 
of  experience,  Emerson  Network  Power  and  its  Liebert  power  and  cooling 
technologies  make  it  easy  to  create  a  flexible  IT  infrastructure  that  delivers 
high  availability  and  low  cost  of  ownership.  Download  our  white  paper, 
Five  Technologies  Simplifying  Infrastructure  Management,  and  discover  how 
Liebert  technologies  can  make  your  job  easier,  at  experts.liebert.com. 


For  you,  it’s  about  protecting  critical  systems 
without  getting  a  PhD  in  engineering. 


CLEAR  CHOICE  TEST 


APPLICATION  ACCELERATION 


App  acceleration 

continued  from  page  44 

implement  every  method,  all  sharply  reduce  response  time  and  band¬ 
width  for  Windows  applications  across  the  WAN. 

Faster  file  service 

As  part  of  our  research  for  this  test,  we  asked  vendors  and  several  cor¬ 
porate  IT  shops  to  name  their  top  five  candidates  for  application  accel¬ 
eration,  and  every  respondent  named  Common  Internet  File  System 
(CIFS)  as  its  top  pick.  This  is  understandable,  given  that  Microsoft’s 
notoriously  chatty  file-handling  protocol  originally  was  intended  for 
LAN-only  operations.  Given  its  popularity  and  performance  issues,  we 
made  CIFS  the  highlight  of  our  performance  testing. 

We  tested  application  acceleration  the  way  enterprises  use  it  —  with 
multiple  WAN  links  and  round-trip  times.  Our  test  bed  modeled  a  hub- 
and-spoke  WAN  linking  with  a  headquarters  office  plus  four  remote 
sites,  two  apiece  onT-1  andT-3  links.The  remote  sites  represented  every 
permutation  of  high  and  low  bandwidth  and  delay 

At  each  of  the  remote  sites,  we  configured  XP  clients  to  upload  and 
download  directories  containing  Word  documents  from  a  Windows 
Server  2003  machine  at  headquarters. 

To  measure  the  effects  of  block  and/or  file  caching,  we  ran  the  CIFS 
tests  three  times.  First  was  a  “cold  run”  with  all  caches  empty.  Second 
was  a  “warm  run”  that  repeated  the  same  transfer  as  the  cold  run,  this 
time  with  the  files  already  in  cache.  Finally,  we  changed  the  contents  of 
10%  of  the  files;  this  “10%  run”  forced  devices  to  serve  some  but  not  all 
content  from  the  origin  server. 

The  two  most  important  application-acceleration  metrics  are  band¬ 
width  reduction  and  response-time  improvement.  While  we  measured 
both  in  this  test,  our  results  show  there’s  not  necessarily  a  strong  cor¬ 
relation  between  the  two.  A  device  with  a  powerful  compression 
engine  might  do  well  at  reducing  bandwidth  consumption,  but  the 
time  spent  putting  the  squeeze  on  data  might  increase  response  time 
or,  at  best,  yield  only  modest  improvements.  Conversely  some  devices 
might  willingly  trade  off  a  bit  more  bandwidth  consumption  if  the  net 
result  is  faster  overall  data  delivery. 

Looking  first  at  bandwidth-reduction  results,  all  products  substan¬ 
tially  lightened  the  WAN  load,  but  big  differences  exist  across  devices 
depending  on  cache  contents  (see  Figure  1,“CIFS  WAN  bandwidth 
reduction,”  above  right).  For  example,  in  the  cold  run  (caches  empty), 
Cisco’s  Wide  Area  Engine  (WAE)  appliances  were  by  far  the  most  effec¬ 
tive  at  compression,  using  nearly  28  times  less  bandwidth  than  was 
used  in  our  baseline,  no-device  test.  In  contrast,  the  bandwidth  savings 
for  other  devices  seeing  data  for  the  first  time  was  usually  less  than  a 
two-times  reduction  in  bandwidth,  according  to  measurements  taken 
by  a  ClearSight  Networks  Network  Analyzer. 

Note  that  we’re  presenting  all  results  in  terms  of  relative  improve¬ 
ment  rather  than  absolute  numbers.  For  example,  in  the  CIFS  cold 
run,  Cisco’s  devices  consumed  130MB  of  WAN  bandwidth,  compared 
with  3.6GB  with  no  acceleration  device  inline,  which  translates  into 
using  27.82  times  less  bandwidth.  (The  absolute  numbers  from  all 
tests  are  available  online;  see  www.nwdocfinder.com/9921.) 


GIFS  WAN  bandwidth  reduction  [  FIGURE  1 

Application-acceleration  devices  reduce  WAN  bandwidth 
consumption  the  most  when  they  handle  data  they've  previously 
seen.  We  tested  each  device  three  times:  “cold  run"  with  caches 
empty,  a  “warm  run"  with  caches  populated  and  a  “10%  run"  with 
10%  of  files  changed.  In  the  warm  run,  Riverbed's  Steelhead  used 
nearly  84  times  less  bandwidth  than  a  baseline  test  with  no  device. 

WAN  bandwidth  reduction  factor 
0  20  40  60  80  100 


27.82 


48. $3 
52.97 


83.95“ 


SflARFCARD 

Category 

■  ■  mm  msm. 

Weight  Riverbed 

Cisco 

Silver  Peak 

Blue  Coat 

Performance 

45% 

5 

4.5 

4.25 

4.5 

Functionality 

20% 

4.5 

4.5 

4.5 

4.5 

Manageability 

20% 

4.5 

4.5 

4.5 

2.75 

Usability 

15% 

4 

4 

4 

2.5 

Total  score 

4.65 

4.43 

4.31 

3.85 

mmMmmmmwmmmfmmmmMmmmmmmmmam 


No  acceleration 
Blue  Coat  cold 
Cisco  cold 
Riverbed  cold 
Silver  Peak  cold 
Blue  Coat  warm 
Cisco  warm 
Riverbed  warm 
Silver  Peak  warm 

Blue  Coat  10%  changed 
Cisco  10%  changed 
Riverbed  10%  changed 
Silver  Peak  10%  changed 


Given  that  enterprise  data  patterns  are  repetitive  and  subject  to 
change,  bandwidth  reduction  in  the  warm  and  10  %  test  cases  can  be 
more  meaningful  —  and  this  is  where  these  devices  really  shine. 

Riverbed’s  Steelhead  appliances  topped  these  tests,  reducing  band¬ 
width  by  a  factor  of  84  in  the  warm  run  and  a  factor  of  32  in  the  10% 
run. While  the  other  devices  reduced  bandwidth  by  a  lesser  degree,  the 
improvements  were  still  dramatic.  Any  device  that  reduces  bandwidth 
use  by  20  or  30  times  must  be  considered  a  boon  to  IT  budgets. 

We  also  used  the  ClearSight  analyzer  to  measure  LAN  bandwidth 
consumption  (see  graphic,  “CIFS  LAN  bandwidth  reduction”  and 
other  online-only  performance  results  at  www.nwdocfind 
er.com/9921).  LAN  differences  among  products  were  not  as  dra¬ 
matic  as  WAN  differences.  The  Blue  Coat  and  Cisco  devices 
reduced  LAN  bandwidth  consumption  by  factors  of  1.5  to  2  in  our 
warm  run  and  10%  run,  because  these  vendors’  headquarters 
devices  served  objects  out  of  cache  instead  of  from  the  origin 
servers.  In  contrast,  the  Riverbed  and  Silver  Peak  devices  increased 
LAN  use  by  2%  to  10%,  probably  because  of  appliance  control  traf¬ 
fic.  Changes  in  bandwidth  use  don’t  always  correlate  with  changes 
in  response  time,  however. 

Measuring  GIFS  response  time 

We  used  a  common  enterprise  task  to  gauge  CIFS  response  time, 
measuring  how  long  it  took  for  a  client  to  upload  or  download  a  set 
of  Word  files  to  or  from  a  server.  We  measured  trans¬ 
fer  times  at  each  of  our  four  remote  sites  —  each 
representing  a  different  permutation  of  high  and 
low  bandwidth  and  delay.  We’re  presenting  the 
results  for  each  site  because  users’  requirements 
differ  depending  on  where  they  work.  As  our  results 
suggest,  some  appliances  do  a  better  job  at  accel¬ 
erating  CIFS  in  low-bandwidth  settings;  others  are 
better  for  high-delay  settings. 

Arguably,  the  most  important  results  for  enter¬ 
prises  are  from  the  10%  runs,  where  we  offered 
10%  new  content  and  90%  existing  content  to 
each  set  of  appliances.  This  represents  an  enter¬ 
prise  where  many  users  might  see  the  same  docu- 

See  App  acceleration,  page  48 
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Start  with  the  right  rack, 
and  you  can't  go  wrong. 


Get  the  seamlessly  integrated,  fully  compatible 
NetShelter®  rack  system  from  APC®. 

APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks, 
rack  accessories  and  management  tools  that  ensure 
the  highest  availability  in  a  multi-vendor  environment. 
With  APC  racks,  accessories,  and  management  tools, 
you  can  design  a  comprehensive  rack  solution  that 
meets  your  availability  needs  for  today  and  that 
easily  scales  up  for  tomorrow. 

Need  assistance?  Our  expert  Configure-to-Order 
Team  can  custom  tailor  a  complete  rack-mount 
solution  that  suits  your  specific  requirements. 


Contact  APC  today  and  protect  your  rack  application 
with  Legendary  Reliability®. 


The  NetShelter®  SX  is 
vendor  neutral  and  carries 
the  "Fits  Like  a  Glove" 
compatibility  guarantee. 


NetShelter  is  completely 
compatible  with  all  APC 
award-winning  InfraStruXure® 
architecture,  allowing  you  to 
add  rack,  power  and  cooling 
on  a  scalable  as-needed  basis. 


NetShelter9  SX  starts  at  $1150 
Hack  enclosures  with  advanced  cooling,  power  distribution, 
and  cable  management  for  server  and  networking 
applications  in  IT  environments. 

•Integrated  rear  cable  management  channels  allow  easy 
routing,  management  and  access  to  large  numbers  of 
data  cables. 

•3000  lbs.  weight  capacity. 

•  Vendor  neutral  mounting  for  guaranteed  compatibility. 

•  Tool  less  mounting  increases  speed  of  deployment. 

Rack  PDU  starts  at  $89.99 
Power  distribution  that  remotely  controls  power 
to  individual  outlets  and  monitors  the  aggregate 
power  consumption. 

•Switched,  metered,  and  basic  models  available. 

•Includes  horizontal,  vertical,  and  toolless  mount. 

•Puts  power  in  the  racks  near  the  equipment  where 
it  is  needed  most. 

•  Wide  range  of  input  and  output  connections  from 
single-phase  to  3-phase. 

Cable  Management  starts  at  $29.99 
Comprehensive  selection  of  accessories  designed 
to  organize  power  or  data  cables  within  a 
rack  environment. 

•Eliminates  clutter  and  cable  stress. 

•Zero  U  of  rack  space  with  the  vertical  cable  organizer. 
•Quick-release  tabs,  toolless  mounting. 

Rack-mount  Keyboard  Monitor  starts  at  $1550 
1U  rack-mountable  integrated  keyboard,  monitor  and  mouse. 

•  15"  or  17"  ultra-thin,  LCD  monitor  with 
integrated  keyboard. 

•Ease  of  installation  minimizes  support  and 
maintenance  costs  ensuring  lower  cost  of  ownership. 

•Can  be  used  in  a  variety  of  IT  environments  from 
computer  rooms  to  large  data  centers. 

Rack  Air  Removal  Unit  SX  starts  at  $2600 
Hear-door  fan  system  for  performance  heat  removal  up  to  23kW 

•  Temperature  controlled,  variable  speed  fans  allow  reduced 
energy  consumption  during  off-peak  cooling  periods. 

•  Ducted  exhaust  system  increases  air  conditioning  efficiency 
and  prevents  hot  spots  by  eliminating  recirculation. 

•  Manageable  via  Web,  SNMP,  Telnet  and  local  LCD  display. 

NetBotz®  Security  and  Environmental 

starts  at  $889 

Protecting  IT  assets  from  physical  threats. 

•  Visual  monitoring  of  all  activities  in  the  data  center 
or  wiring  closet. 

•Third-party monitoring  via  dry-contacts,  SNMP,  IPMi, 

0-5V  and  4-2.0mA. 

•User-configurable  alarm  and  escalation  policies. 

•  Temperature,  humidity,  and  leak  detection. 


Download  Free  Rack  White  Papers 

For  full  details,  Visit  www.apc.com/promo  Key  Code  x240x 
•  Call  888.289.APCC  x9160  •  Fax  401.788.2797 


Legendary  Reliability® 


©2007  American  F’ower  Conversion  Corporation.  All  rights  reserved.  NetBotz,  NetShelter  and  InfraStruXure  are  registered  trademarks  of  American  Power  Conversion  Corporation.  Other  trademarks  are  property  of  their  respective  owners. 

132  Fairgrounds  Road,  West  Kingston,  R I  02892  USA  AX4A6BF_NAMf 
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Downloading  CIFS 


FIGURE 


File  downloads  go 
much  faster  with 
application 
acceleration.  In 
situations  where 
10%  of  user  data 
changed, 
downloads  moved 
as  much  as  45 
times  faster  with 
acceleration  than 
without  it.  The 
biggest  boosts 
generally  came  on 
lower-speed  T-1 
links,  regardless 
of  delay. 
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ments  repeatedly  but  where  there  also  would  be  some  new  docu¬ 
ments  added  to  the  mix. 

In  the  download  tests,  low-bandwidth  sites  tended  to  see  the  biggest 
improvements  in  response  time,  regardless  of  the  amount  of  delay  pres¬ 
ent  (see  Figure  2,  “Downloading  CIFS,”  above).  Riverbed’s  Steelhead 
appliances  sped  up  file  transfers  45  times  to  a  low-bandwidth,  low-delay 
site  and  34  times  to  a  low-bandwidth,  high-delay  site.  The  Steelhead 
appliances  were  also  tops  for  the  high-bandwidth  sites,  but  to  a  lesser 
degree,  with  speed  increases  of  four  to  seven  times. 

The  Silver  Peak  NX  appliances  were  next  most  efficient  overall, 
with  speedups  of  three  to  16  times  (again,  with  the  most  improve¬ 
ment  shown  for  low-bandwidth  sites),  followed  by  the  Cisco  and 
Blue  Coat  appliances. 

File  uploads  generally  don’t  benefit  from  application  acceleration  as 
much  as  downloads  do. When  handling  client  downloads, acceleration 
devices  either  serve  content  from  a  client-side  cache,  pipeline  data 
using  read-ahead  operations  or 
employ  some  combination  of  the 
two  approaches.  That’s  not  possi¬ 
ble  with  write  operations, 
because  an  acceleration  device 
can’t  predict  in  advance  what 
data  the  client  will  send. 

Even  so,  big  improvements  in 
upload  performance  are  still  pos¬ 
sible  (see  Figure  3,  “Uploading 
CIFS,”  at  right).  Riverbed’s  Steel¬ 
head  appliance  again  led  the 
pack,  with  speedups  of  three  to  34 
times  compared  with  no  accelera¬ 
tion.  Accelerations  from  the  Silver 
Beak,  Cisco  and  Blue  Coat  devices 
were  less  dramatic  but  still  signifi¬ 
cant,  moving  traffic  1.3  to  16  times 
faster  than  our  baseline  test.  Most 
devices  sped  up  data  the  most 
from  low-bandwidth  sites.  Blue 
Coat’s  SG  was  an  exception;  it 
delivered  the  greatest  upload  ben¬ 
efit  to  the  high-bandwidth,  high- 
delay  site. 


Note  that  response-time  improvements  do  not  track  linearly  with 
bandwidth-reduction  results.  For  example,  Cisco’s  devices  were  more 
efficient,  relative  to  their  competitors,  at  reducing  WAN  bandwidth 
consumption  than  at  speeding  CIFS  transfer  times. 

In  reviewing  the  CIFS  results,  Riverbed  commented  that  it  achieved 
even  greater  improvement  over  no-acceleration  baselines  by  using 
many  small  files.  Our  tests  used  a  mix  of  random  file  sizes  of  25KB  to 
1MB.  Both  approaches  have  their  merits:  Riverbed’s  short-file  method¬ 
ology  is  more  stressful  on  devices’  CIFS  processing  engines  (stress  is  a 
good  thing  in  device  benchmarking),  while  a  mix  of  larger  files  may 
offer  a  more  meaningful  prediction  of  device  performance  in  pro¬ 
duction  settings. 

Mail  call 

After  CIFS,  the  next  most  popular  candidate  for  acceleration  is 
Messaging  API  (MAPI)  traffic.  MAPI  is  the  e-mail  protocol  used  by  the 
Microsoft  Exchange  server  and  Outlook  clients.  All  devices  tested  can 
speed  up  MAPI  traffic,  but  in  our  tests  the  improvements  were  far  less 
significant  than  in  the  CIFS  tests. 

In  our  MAPI  tests,  all  clients  sent  messages  —  some  with  Word 
attachments,  some  without  —  to  all  other  clients  through  an 
Exchange  2003  server.  As  with  the  CIFS  tests,  the  number  of  messages 
was  proportional  to  each  site’s  link  speed  —  fewer  messages  for 
clients  at  T-1  sites,  more  for  those  at  T-3  sites. 

There  was  significantly  less  differentiation  among  products  when 
accelerating  MAPI  traffic,  compared  to  CIFS  traffic  (see  Figure  4, “MAPI 
acceleration ’’page  50).  All  products  sped  mail  delivery,  but  only  by  fac¬ 
tors  of  1.24  to  2.39  compared  with  a  no-device  baseline.  Averaging 
results  across  all  sites,  the  Blue  Coat  devices  provided  the  biggest  boost 
for  mail  traffic,  but  by  a  relatively  small  margin  over  the  Riverbed, Silver 
Peak  and  Cisco  devices. 

Doubling  e-mail  performance  is  nothing  to  sneeze  at,  but  we  also 
wanted  to  understand  why  MAPI  performance  didn’t  match  CIFS  per¬ 
formance.  A  few  minutes  with  the  ClearSight  analyzer  gave  us  the 
answer:  The  Outlook  2007  clients  we  used  in  this  test  encrypt  e-mail 
traffic  by  default. 

To  the  acceleration  appliances,  most  of  the  MAPI  data  structures 
weren’t  visible  to  be  optimized.  Some  acceleration  was  still  possible, 
through  TCP  optimizations  or  because  some  MAPI  traffic  was  visible. 
After  reviewing  the  results,  Riverbed  said  it  encourages  Outlook  2007 
users  to  disable  encryption  for  highest  performance.That  said,  network 
managers  using  the  new  version  of  Outlook  should  consider  whether 

the  security/performance  trade- 
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While  file  uploads 
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much  as 
downloads,  the 
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Uploads  from 
clients  to  servers 
moved  as  much  as 
33  times  faster 
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than  without  it.  As 
with  downloads, 
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links,  although  all 
the  speedups  were 
significant. 
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off  is  worthwhile. 

A  faster  Web 

We  measured  acceleration  of 
HTTP  traffic  in  two  tests,  one  with 
248  and  and  one  with  2,480  con¬ 
current  users.  The  results  were  a 
bit  surprising:  While  the  products 
delivered  Web  traffic  as  much  as 
seven  times  faster  than  a  baseline 
test  without  acceleration,  per¬ 
formance  didn’t  necessarily 
improve  as  we  added  more  users. 

To  avoid  overloading  the  sites 
on  slower  links,  we  put  propor¬ 
tionately  fewer  users  at  the  T-1  sites 
than  at  the  T-3  sites.  For  example, 
our  2,480-user  test  involved  1,200 
clients  at  each  of  two  sites  on  a 
T-3,  and  40  clients  at  each  of  two 
sites  on  a  T-1.  We  used  Spirent 
Communications’  Avalanche/ 
Reflector  tool  to  emulate  Web 
See  App  acceleration,  page  50 
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MAPI  acceleration  figure  4 


The  MAPI  e-mail 
protocol  showed 
lower  but  still 
significant  improve¬ 
ment  in  our  tests 
compared  with  CIFS 
file  traffic.  Differ¬ 
ences  between 
products  also  were 
much  smaller.  This 
may  be  tied  to  our 
use  of  Outlook  2007 
clients,  which  by 
default  enable 
encryption  of  e-mail 
contents,  giving 
appliances  fewer 
opportunities  for 
optimization. 
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clients  and  servers.  Because  previous  studies  of  Web  objects  place  the 
average  size  at  8K  to  13KB,  we  configured  the  clients  to  request  an  1 1KB 
object  from  the  servers. 

As  in  the  CIFS  and  MAPI  tests, the  Riverbed  Steelhead  appliances  deliv¬ 
ered  Web  traffic  the  fastest  (see  graphic,  “Web  acceleration,”  at 
www.nwdocfinder.com/9921).  In  all  three  ways  we  measured  —  trans¬ 
actions  per  second,  traffic  rates  and  response  time  —  the  Steelhead 
appliances  delivered  Web  traffic  seven  times  faster  than  tests  with  no 
device  inline.  We  observed  the  same  seven-times  improvement  with  248 
and  2,480  users;  because  LAN  and  WAN  bandwidth  use  was  almost  iden¬ 
tical  in  each  test,  it’s  likely  that  WAN  bandwidth  was  the  bottleneck. 

Blue  Coat’s  SG  appliances  were  second-fastest,  but  that  result  must  be 
stated  with  a  caveat:  The  Blue  Coat  boxes  worked  better  with  fewer 
Web  users,  not  more.  Compared  with  no  acceleration,  the  Blue  Coat 
appliances  boosted  Web  performance  by  around  seven  times  for  248 
users,  but  by  around  six  times  for  2,480  users  (and  that’s  just  for  trans¬ 
actions  per  second  and  data  rate;  the  response  time  improved  by  only 
a  factor  of  three). 

We  noticed  some  erratic  Address  Resolution  Protocol  (ARP)  behav¬ 
ior  in  tests  involving  2,480  users  when  Blue  Coat  forwarded  either  Web 
or  SSL  traffic  (see  “What  about  SSL?”  at  www.nwdocfinder.com/9922). 
Although  Blue  Coat  replicated  our  issue  in-house  and  produced  a  soft¬ 
ware  fix  (now  available  to  customers),  we  still  observed  sluggish 
behavior  in  the  2,480-user  tests  after  applying  the  update. 

Silver  Peak’s  NX  appliances  were  third-fastest,  tripling  transaction  and 
data  rates  and  reducing  response  time  by  around  2.5  times  when  han¬ 
dling  248  users.  With  2,480  users,  performance  dipped  slightly  (by 
about  the  same  margin  as  Blue  Coat’s  appliances),  though  traffic  still 
moved  substantially  faster  than  in  our  no-device  baseline  test.  Silver 
Peak  says  these  results  are  roughly  in  line  with  its  in-house  testing. 

Cisco’s  WAE  appliances  better  than  doubled  performance  with  248 
users,  and  more  than  tripled  performance  with  2,480  users.  Cisco’s  WAE 
devices  don’t  proxy  Web  traffic  as  they  do  with  CIFS,  so  the  perform¬ 
ance  improvements  here  are  largely  attributable  to  TCP  optimizations. 


there  was  anything  but  straightforward,  involving  much  tuning  —  and  in 
some  cases  external  devices  to  protect  key  flows  during  congestion. 

To  measure  QoS  capabilities,  we  offered  a  small  amount  of  high- 
priority  traffic  —  in  this  case,  a  single  VoIP  call,  which  is  sensitive  to  delay 
and  jitter  —  while  walloping  the  WAN  with  huge  amounts  of  back¬ 
ground  traffic.  We  used  User  Datagram  Protocol  (UDP)  for  both  highl¬ 
and  low-priority  flows;  VoIP  uses  UDP  by  default,  and  TCP  was  not  suit¬ 
able  as  background  traffic,  because  of  its  built-in  congestion  control. 

We  also  determined  whether  devices  could  “re-mark”  Diff-Serv  code 
points  (DSCP),  a  good  practice  in  guarding  against  rogue  users  or 
applications  marking  their  flows  with  an  inappropriate  priority 

Blue  Coat’s  SG  appliances  couldn’t  participate  in  this  test  because 
they  don’t  optimize  UDP  traffic.The  other  vendors  turned  in  excellent 
results  but  used  different  paths  to  get  there. 

Cisco  recommends  using  WAN  routers  (in  this  case,  the  Cisco  3845 
and  ISR  2800  Series  devices  it  supplied)  rather  than  application  accel¬ 
erators  for  shaping  traffic.  Cisco’s  WAAS  acceleration  devices  and 
routers  work  together  using  network-based  application  recognition 
(NBAR).We  verified  in  testing  that  flows  the  acceleration  devices  clas¬ 
sified  using  NBAR  will  be  prioritized  by  the  routers  during  congestion. 
The  routers  turned  in  great  results;  the  ClearSight  analyzer  measured 
R-value,an  audio-quality  metric,  as  92.03  out  of  a  possible  93, and  they 
correctly  re-marked  DSCPs. 

Note  that  ultimately  Cisco’s  entry  performed  prioritization  on  its 
routers,  not  on  the  application-acceleration  devices,  although  the  latter 
did  play  a  role  in  classifying  traffic. This  differs  from  the  Riverbed  and 
Silver  Peak  devices,  which  performed  prioritization  on  board.  Many 
network  managers  already  run  QoS  on  WAN  routers,  and  for  them 
handing  off  this  function  to  a  router  isn’t  a  big  deal.  For  users  just  get¬ 
ting  started  with  QoS,  it  may  be  simpler  to  set  it  up  on  application- 
acceleration  devices,  and  leave  routers  alone,  at  least  for  now. 

The  Riverbed  and  Silver  Peak  appliances  also  protected  voice  traffic, 
with  R-value  scores  of  91.80  and  90.07,  respectively,  and  both  correctly 
re-marked  DSCPs. 

Of  the  two,  the  Silver  Peak  NX  appliances  were  easier  to  configure. 
They  correctly  classified  VoIP  streams  and  shaped  traffic  according  to 
the  parameters  we  defined.  Riverbed’s  Steelhead  appliances  don’t  clas¬ 
sify  real-time  protocol  streams  automatically  and  a  bug  in  the  software 
version  we  tested  wouldn’t  let  us  manually  define  port  ranges.  Instead, 
we  used  other  criteria,  such  as  source  address,  to  classify  VoIP  streams. 

Concurrent  connections 

Our  final  performance  test  determined  the  maximum  number  of  TCP 
connections  each  system  could  optimize. This  is  an  important  metric 
for  enterprises  with  many  remote  offices  and  hub-and-spoke  network 
designs,  where  connection  counts  for  data-center  devices  can  run  into 
the  tens  of  thousands.  All  the  devices  we  tested  get  into  that  tens-of- 
thousands  range,  but  there  was  more  than  a  fourfold  difference 
between  the  highest  and  lowest  capacities. 

To  measure  connection  concurrency,  we  configured  Spirent’s 
Avalanche  to  issue  a  Web  request  once  a  minute,  letting  us  establish  and 
keep  many  connections  alive.  We  added  connections  until  transactions 
began  to  fail  or  the  devices  stopped  optimizing  new  connections. 

Cisco’s  new  WAE-7371  came  out  tops  in  this  test,  accelerating  more 
than  50,000  TCP  connections  (see  graphic, “Maximum  accelerated  TCP 
connections,”  at  www.nwdocfinder.com/9921).  Silver  Peak’s  NX  appli¬ 
ances  were  next,  optimizing  43,306  concurrent  connections.  This  is 
well  short  of  the  NX  7500’s  rated  capacity  of  128,000  optimized  con¬ 
nections,  a  level  that  Silver  Peak  achieved  in  internal  testing.  We  were 
unable  to  reproduce  that  result  in  our  lab,  and,  despite  extensive  trou¬ 
bleshooting,  neither  we  nor  Silver  Peak’s  engineers  were  able  to 


QoS  testing 

QoS  testing  revealed  some  of  the  most  interesting  —  and  in  some  ways 
most  problematic  —  results  of  all  our  performance  testing.  While  three 
of  four  products  did  a  virtually  perfect  job  of  prioritizing  traffic,  the  path 
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explain  the  difference.  The  Blue  Coat  SG  appliances  were  next,  han¬ 
dling  about  19,500  optimized  connections. 

Riverbed’s  Steelhead  5520  optimized  more  than  12,200  connections, 
but  that  result  reflects  the  limits  of  the  two  Steelhead  3520  units  through 
which  we  set  up  connections.  Riverbed  says  the  higher-end  5520  model 
can  optimize  15,000  connections. We  were  unable  to  confirm  that  result, 
but  our  tests  did  show  that  each  3520  slightly  outperformed  its  rated  limit 
of  6,000  connections  to  get  to  the  12,200  total  mentioned  previously 

Features  and  functioning 

Most  testing  focused  on  performance,  but  we  also  assessed  devices 
for  functioning,  manageability  and  usability  Each  of  these  areas  turned 
up  at  least  as  many  differences  as  the  performance  tests  did. 

All  acceleration  devices  reduce  the  number  of  bits  sent  across  the 
WAN,  but  they  do  this  in  very  different  ways.The  Blue  Coat  and  Cisco 
devices  act  as  proxies,  terminating  connections  between  clients  and 
servers  and  setting  up  new  sessions  on  their  behalf.  Riverbed’s  devices 
can  proxy  traffic,  though  the  vendor  did  not  enable  that  feature  for  this 
test.  Silver  Peak’s  NX  appliances  don’t  proxy  traffic. 

Transparency  is  another  architectural  difference.  Blue  Coat  and  Silver 
Peak  engineers  respectively  configured  SSL  or  generic  routing- 
encapsulated  tunnels  between  appliances,  and  Riverbed  can  use  SSL 
tunneling.Tunneling  may  pose  a  problem  if  other  inline  devices, such  as 
firewalls  or  bandwidth  managers,  need  to  inspect  traffic. 

Cisco  claims  this  is  a  major  differentiator  for  its  WAAS  offering, which 
doesn’t  hide  traffic  from  other  devices  and  automatically  learns  about 
new  traffic  types  from  other  Cisco  devices  using  NBAR.A  powerful 
classification  engine,  NBAR  in  our  tests  classified  even  applications 
using  ephemeral  port  numbers,  such  as  those  used  for  H.323  and 
Session  Initiation  Protocol.  Silver  Peak’s  appliances  also  classified 
such  traffic.Then  again,  transparency  isn’t  an  issue  for  users  who  don’t 


need  application  visibility  among  acceleration  devices. 

Application  support  also  varies,  but  it’s  less  important  a  differentiator 
than  performance,  manageability  and  usability.  It’s  tempting  —  but  also 
a  bit  misleading  —  to  compare  the  number  of  predefined  application 
types  each  vendor  claims  to  optimize.  First,  the  applications  involved 
are  important  only  if  they’re  running  in  your  enterprise.  Second,  accel¬ 
eration  devices  still  may  boost  performance  even  if  a  given  application 
isn’t  predefined,  thanks  to  compression  and  TCP  optimization.  Finally 
all  devices  we  tested  allow  manual  definition  of  new  application 
classes  based  on  addresses  and  port  numbers  (though  these  may  not 
be  subject  to  the  same  speedups  as  some  predefined  types). 

See  App  acceleration,  page  54 


The  physical  test  bed 

The  physical  test  bed  used  real  Windows  clients  and  servers  at  each  site  for  CIFS  and  MAPI  testing,  Spirent  Communications' 
Avalanche/Reflector  system  for  HTTP  and  SSL  testing  and  GL  Communications’  PacketGen  for  VoIP  traffic.  We  measured  LAN  and  WAN 
traffic  with  ClearSight  Networks'  Network  Analyzer  and  emulated  WAN  conditions  using  Spirent's  Converged  Network  Impairment  Emulator. 
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The  logical  test  bed 

To  test  application  acceleration,  we  built  a  test  bed  modeling  an 
enterprise  network  with  five  sites:  A  headquarters  in  Boston  and 
remote  offices  in  Portsmouth,  N.H.;  Newton,  Mass.;  El  Segundo, 
Calif.;  and  San  Francisco.  Two T-3  and  twoT-1  links  connect  the  sites. 


•  San  Francisco, 
remote  off  ice:  T-1 


®  Portsmouth, 
data  center:  T-3 

®  Boston 
headquarters 


•  El  Segundo, 
data  center:  T-3 


•  Newton 
remote  off  ice:  T-1 
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CLEAR  CHOICE  TEST  APPLICATION  ACCELERATION 


App  acceleration 

continued  from  page  51 

To  look  after  all  the  devices  in  our  test  bed’s  enterprise,  we  asked 
each  vendor  to  supply  a  central  management  system. 

We  assessed  centralized  management  in  terms  of  functioning  and 
reporting  features.  On  the  function  side,  all  vendors  but  Blue  Coat  offer 
a  centralized  method  of  pushing  out  configuration  changes  or  soft¬ 
ware  upgrades  to  all  appliances.  Blue  Coat  indeed  can  push  changes 
and  upgrades  but  only  by  manually  defining  a  job  to  push  out  the 
change.  All  vendors  allow  appliances  to  be  defined  into  groups 
(though  Blue  Coat’s  Director  appliance  requires  a  manually  defined 
job  to  perform  an  action  on  a  given  group). 

All  devices  use  a  dashboard  display  to  show  application  distribution 
and  volume  during  predefined  periods.These  displays  can  be  very  help¬ 
ful  in  managing  application  traffic  even  before  acceleration  is  enabled. 
It’s  pretty  common  to  find  during  installation  that  enterprises  are  run¬ 
ning  applications  they  didn’t  know  about.  Once  acceleration  is  enabled, 
these  devices  use  pie  charts  and  bar  graphs  to  report  on  compression, 
percentage  of  optimized  vs.  pass-through  traffic  and  data  reduction. 

The  Cisco,  Riverbed  and  Silver  Peak  appliances  aggregate  displays 
across  multiple  devices,  a  useful  feature  for  capacity  planning.  There 

were  differences  in  terms  of  the 
application  data  and  time  periods 
supported;  for  example,  Silver 
Peak’s  display  was  useful  in  trou¬ 
bleshooting  because  —  uniquely 
among  the  products  tested  —  it 
reported  on  packet  loss  and  did 
so  in  per-minute  intervals. 

There  are  significant  usability 
differences  among  the  accelera¬ 
tors,  but  we’ll  be  the  first  to  admit 
this  is  a  highly  subjective  area.  If  we  had  to  rank  the  systems  in  terms 
of  ease  of  use,  the  lineup  would  be  Riverbed,  Silver  Peak,  Cisco  and 
Blue  Coat. 

Riverbed’s  Steelhead  appliances  came  closest  to  the  goal  of  “just 
working.”  Setup  took  less  than  half  a  day  Once  we  were  up  and  run¬ 
ning,  we  found  the  user  interface  to  be  simple  and  well  designed.lt  was 
easy  to  make  changes  and  view  reports,  even  without  delving  into  the 
company’s  well-written  documentation. 

Silver  Peak’s  NX  appliances  also  feature  a  simple  user  interface  with 
excellent  reporting  on  current  and  historical  statistics.  The  central 
management  display  wasn’t  as  polished  or  fully  featured  as 
Riverbed’s,  although  unlike  Riverbed’s,  it  includes  a  topology  map  of 
all  appliances. 

Cisco’s  display  bristles  with  features  and  commands  —  perhaps  too 
many  Cisco’s  redesigned  dashboard  offers  whizzy  graphics,  useful  pie 
charts  on  CIFS  application  performance  and  (like  Riverbed  and  Silver 
Peak  devices)  real-time  connection  monitoring  and  per-device  report¬ 
ing  on  connection  statistics.  Getting  to  specific  commands  or  opening 
logs  often  took  more  steps  than  with  other  devices,  however;  further, 
not  all  the  commands  available  from  the  device  command  line  were 
available  from  the  GUI,  and  vice  versa. 

Blue  Coat’s  management  software,  while  powerful,  was  the  most  diffi¬ 
cult  to  use.  Individual  appliances  used  a  Web-based  Java  application  that 
was  sluggish;  further,  it  worked  with  Internet  Explorer  but  not  Firefox.  And 
some  predefined  tasks  in  other  vendors’  devices,  such  as  updating  con¬ 
figuration  or  images, required  manual  definition  in  the  Blue  Coat  devices, 
or  touching  each  appliance  individually 

Newman  is  president  of  Network  Test,  an  independent  test  lab  in  Westlake 
Village,  Calif.  He  can  be  reached  at  dnewman@networktest.com. 


How  we  did  it 


Our  test  bed  (see  graphic,  page  51)  modeled  an  enterprise 
hub-and-spoke  network  with  five  sites:  A  headquarters  in 
Boston  and  branch  offices  in  Portsmouth,  N.H.;  Newton, 
Mass.;  El  Segundo,  Calif.;  and  San  Francisco.  We  used  Spirent 
Communications'  Converged  Network  Impairment  Emulator  to 
emulate  WAN  rates  and  delays.  The  Newton  and  San  Francisco 
remote  links  ran  atT-1  (1.5Mbps)  rates,  while  the  other  two  ran 
atT-3  (45Mbps)  rates.  The  Newton  and  Portsmouth  links  used 
16-msec  round-trip  delays,  while  the  other  two  used  100-msec 
round-trip  delays. 

We  measured  application-acceleration  performance  with 
Common  Internet  File  System  and  Server  Message  Block 
Windows  file  transfers,  Outlook  and  Exchange,  HTTP,  and  SSL 
traffic.  We  also  assessed  devices’  QoS  capabilities  by  generat¬ 
ing  VoIP  traffic  while  loading  the  network  with  HTTP  traffic. 

To  measure  bandwidth  reduction,  we  used  a  ClearSight 
Networks  hardware-based  analyzer  with  taps  in  the  Boston  LAN 
and  WAN  sides  of  the  test  bed.To  measure  application  response 
time,  our  custom-built  software  measured  CIFS  and  Messaging 
API  (MAPI)  transfers. 

For  the  CIFS  file  transfers,  two  clients  at  each  remote  site 
simultaneously  sent  and  received  Microsoft  Word  documents 
from  the  Boston  site.  Clients  onT-3  links  transferred  750  files 
each  way,  while  clients  onT-1  links  transferred  25  files  each  way. 
We  ran  each  CIFS  test  three  times:  a  "cold  run”  with  empty 
device  data  stores,  a  "warm  run"  once  the  data  store  had  been 
populated  and  a  "10%  run,”  in  which  w«tered  the  contents  of 
10%  of  the  files. 

To  measure  MAPI  and  Exchange  performance,  Outlook  2007  on 
each  client  created  1,000  or  34  messages  forT-3  orT-1  circuits, 
respectively.  Each  client  sent  messages  trfatl  other  clients,  but 
always  through  and  Exchange  2003  server  at  the  Boston  site. 

To  measure  HTTP  performance,  we  configured  the  Spirent 
Avalanche  and  Ref  lector  2500  appliances  to  emulate  Web  clients 
and  servers,  respectively.  As  many  as  2,048  clients  at  remote 
sites  requested  11KB  objects  from  servers  at  the  Boston  site.  We 
measured  HTTP  response  time  and  transfer  rates.  We  repeated 
these  tests  twice,  once  with  256  clients  across  all  remote  sites, 
and  again  with  2,048  clients. 

To  measure  SSL  performance,  we  repeated  the  HTTP  tests 
using  Secure-HTTP,  loading  server  certificates  on  the  accelera¬ 
tion  devices  where  they  support  SSL  proxying. 

To  assess  devices’  QoS  capabilities,  we  simultaneously  offered 
small  amounts  of  VoIP  and  large  amounts  of  HTTP  traffic.  To 
generate  and  measure  VoIP  traffic,  we  used  GL  Commu¬ 
nications’  PacketGen  and  VQT  products  to  set  up  and  measure 
Session  Initiation  Protocol  and  Real  Time  Protocol  calls.  We 
again  used  Spirent  Avalanche  and  Reflector  for  HTTP  traffic.  In 
these  tests,  we  compared  VoIP  audio-quality  measurements  with 
and  without  HTTP  present.  As  an  added  test  of  QoS,  we  checked 
whether  devices  could  classify  and  re-mark  the  Diff-Serv  code 
points  for  voice  and  Web  traffic. 

We  also  measured  the  maximumTCP  connection  capacity  of 
the  Boston  device.  In  this  test,  the  Avalanche  appliance  emulated 
a  Web  client  requesting  a  1KB  object  every  60  seconds.  We 
attempted  to  measure  a  maximum  connection  count  supported 
by  the  Boston  appliance  to  the  nearest  1,000  connections. 

Much  of  our  assessment  for  functioning,  manageability  and 
usability  occurred  during  the  performance  tests. 
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the  first  company  Cisco  acquired.). 

“The  internal  venture  framework  is  an 
inexpensive  way  to  get  the  same  result"  as  a 
spin-in,  De  Beer  says. 

The  Harvard  Business  Review  recently 
lauded  Cisco’s  strategy  as  a  model  for  estab¬ 
lished  companies  looking  to  harvest  new 
markets  to  augment  their  core  business.  The 
HBR  cited  Ciscos  ability  to  keep  its  internal, 
start-up  resources  isolated  from  its  core  rout¬ 
ing  and  switching  businesses  and  thereby 
focused  on  mid-  and  long-term  growth 
opportunities  —  not  to  bail  out  the  core 
business  in  order  to  meet  quarterly  targets. 

But  Cisco  is  not  unique  in  this  effort.  IBM 
three  years  ago  created  a  new  internal  unit 
—  called  Strategic  Growth  Initiatives  —  to 
target  emerging  markets.That  unit  combines 
IBM’s  Linux,  grid  computing  and  virtualiza¬ 
tion  initiatives,  among  others. 


Alcatel-Lucent  has  Bell  Labs,  and  Red  Hat 
and  Network  Appliance  also  have  internal 
emerging-technology  initiatives. 

Cisco’s  may  be  unique,  however,  given  the 
company’s  penchant  for  going  outside  to 
obtain  and  staff  its  emerging  technologies 
efforts.  Cisco  has  bought  about  114  compa¬ 
nies  since  the  Crescendo  acquisition  in 
1993. 

Cisco  weighs  making  vs.  buying 

“The  make-vs.-buy  decision  is  something 
that  probably  comes  up  more  often  in  Cisco 
than  in  IBM,"  says  Dave  Passmore,  research 
director  at  The  Burton  Group. “An  IBM  would 
tend  to  pursue  more  internal  developments, 
whereas  Cisco  might  always  be  thinking, 
‘How  much  of  this  should  we  do  our¬ 
selves?”’ 

Passmore  says  there  are  benefits  and 
drawbacks  to  both  approaches.  Companies 
can  readily  drain  resources  from  internal 
efforts  to  meet  a  short-term  goal.  Conversely, 
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“ISVs  would  be  able  to  certify  an  applica¬ 
tion  and  seamlessly  port  it  across  Linux  dis¬ 
tributions,”  he  said. 

Hovsepian  was  short  on  details,  but  there 
are  similar  projects  underway  including  the 
Linux  Standard  Base,  which  Novell  supports, 
and  the  Open  Solutions  Alliance,  which  pro¬ 
motes  development  of  common  APIs. 

Hovsepian  also  said  Linux  needs  to  focus 
on  virtualization,  management, security  and 
power  management.  “These  are  critical 
components  as  to  where  and  how  the  next 
generation  of  data  centers  evolve,”  he  said. 

While  these  new  areas  of  focus  are  being 
explored,  those  closest  to  the  heart  of  the 
matter  —  the  Linux  kernel  —  are  not  stop¬ 
ping  to  pat  themselves  on  the  back. 

“It  looks  like  we  have  a  battle  on  two 
fronts  now,  one  with  Microsoft  and  one  with 


Sun,”  said  James  Bottomley,  a  Linux  kernel 
developer  and  vice  president  and  CTO  of 
SteelEye  Technology. The  Sun  tiff  in  part  has 
revolved  around  its  OpenSolaris  initiative 
and  how  it  might  license  its  ZFS  file  system. 
Linux  kernel  stewards,  including  Linus 
Torvalds  himself,  believe  Sun  wants  to  take 
from  the  Linux  community  and  not  give 
back  via  open  source  licensing. 

“Sun  wants  to  have  an  innovation  model 
that  mirrors  Linux  and  not  give  away  the 
keys  [by  open  sourcing].  I  find  that  is  an 
impossible  goal,”  Bottomley  said. 

Despite  the  back-and-forth,  the  belief  is 
that  Linux  has  seized  a  place  as  a  corporate 
platform,  and  if  the  next  steps  can  be  exe¬ 
cuted  with  the  same  level  of  competence, 
the  potential  is  unlimited. 

“The  interesting  thing  across  all  these 
areas  of  growth  is  that  you  have  this  unifying 
Linux  underneath,”  said  Jim  Zemlin,  execu¬ 
tive  director  of  the  Linux  Foundation.  ■ 
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a  heavy  reliance  on  acquiring  outside  tech¬ 
nology  and  talent  can  create  a  culture  clash, 
leading  to  an  exodus  of  skilled  personnel. 

“There’s  the  control  issue,  and  the  fact  that 
you  can  lose  a  bid  for  an  outside  company 
The  technology  can  land  in  ‘the  wrong 
hands,”’  Passmore  says.“When  you’ve  got  a  lot 
of  entrepreneurs  that  you  hire  through  acqui¬ 
sition,  those  are  the  kinds  of  people  who  tend 
to  want  to  go  off  and  do  what  they  want  to 
do. They’re  not  exactly  company  men.” 

Passmore  notes  that  Cisco  has  been  adept 
at  retaining  top  talent  after  acquiring  a  com¬ 
pany. 

Cisco’s  first  such  emerging  market  internal 
start-up  was  its  IP  telephony  effort  — 
phones  and  PBXs  —  in  the  late  1990s.  Since 
then,  several  such  internal  start-up  activities 
have  stocked  Cisco’s  Advanced  Tech¬ 
nologies  operations,  a  conglomerate  of  $1 
billion  markets  and  product  lines  that 
include  unified  communications,  storage, 
security,  wireless,  home  networking,  applica¬ 
tion  services  and  video. 

Telepresence 

The  latest  such  emerging-market  technolo¬ 
gy  to  be  turned  into  products  is  Cisco’s 
video-based  TelePresence  virtual  meeting 
system.  Unveiled  last  fall,  Cisco  has  shipped 
110  TelePresence  systems  to  date  to  50  cus¬ 
tomers  and  expects  it  to  be  another  $1  bil¬ 
lion  opportunity  within  the  next  five  years. 

Other  recent  market  entrants  from  Cisco’s 
Emerging  Technologies  Group  include  the 
IP  Interoperability  and  Communications 
System  for  emergency  first-responders;  phys¬ 
ical  security;  and  digital  media  systems  for 
enterprises.  De  Beer  says  there  are  at  least 
four  more  emerging  technologies  “in  the 
pipeline”  and  even  more  in  the  pre-pipeline 
stage.  He  declined  to  identify  them. 

The  400-person  staff  of  the  Emerging 
Technologies  Group  fields  ideas  for  new 
market  entries  submitted  by  Cisco  employ¬ 
ees  through  the  company’s  intranet.  The 
group’s  goal  is  to  fund  15  new  $l-billion 
market  initiatives  over  five  years,  De  Beer 
says  —  roughly  a  2%  hit  rate  on  all  of  the 
ideas  submitted.  ■ 


Network  management  drives 
the  agile  enterprise 

Business-services  management  can 
be  a  strategic  way  to  link  business 
demands  with  technology's  power  — 
when  you  have  the  secrets  and  solu¬ 
tions  of  the  new  generation  of  tech¬ 
nology.  What  works?  What's  next? 
Join  us  at  IT  Roadmap:  Dallas,  on 
Sept.  6  —  free.  Qualify  at: 

www.nwdocfinder.com/9157 


56  •  AUGUST  13,  2007  •  www.networkworld.com 


wmwmawBLB 


H  Editorial  Index 

■  A 

■  P 

Ariohe 

19,  94 

Gl  Communications 

54 

Panasonic  Mnhile 

18 

Alr.atnl-I  unent 

_ 56 

Google 

in  9n,  98 

Alfresco  Software 

18 

Gracnnote 

94 

■  Q 

Amazon.r.om 

18 

Ol  noic 

16 

Andiamo  Systems 

18 

■  H 

Apron 

54 

HP 

19,  16 

■  R 

Aplix 

18 

Red  Hat 

18,  94,  56 

Apple 

5,19 

■  1 _ 

Riverhed  Technology 

1,44 

AT&T 

96 

IRM 

8,  in,  16.  56 

Atheros  Communications 

14 

ms 

■  L 

San  Disk 

24 

■  B 

1 enovo 

14 

Silver  Peak  Systems 

1,44 

Rlue  Coat  Systems 

1,44 

1  G  Flectronics 

18 

Spirent  Communications 

50 

Rrocarle  Communications 

16 

SteelFye  Technology 

58 

■  M 

Sun 

1,  19 

■  C 

McAfee 

18 

Symantec 

12 

Celunite 

18 

Meru  Networks 

14 

Cisco  1,  5,  8 

18.  99,  44 

Microsoft 

1,8,  19,  94,  44 

■  V 

Citrix  Systems 

99 

Motorola 

18 

VMware 

18,  22 

ClearSinht  Networks 

46 

Vodafone  Groun 

_ 18 

■  N 

■  D 

Network  Appliance 

56 

■  w 

Dell 

in 

Nextcorle 

94 

Wind  River 

18 

NoteRurner 

24 

■  E 

Novell 

10,  18 

■  X _ 

FMC 

in,  16 

NTT  Docomo 

18 

XenSource 

18 

Emulex 

16 

Nuova  Systems. 

_ 18 

Xerox 

12 

■  F 

■  0 

mi _ 

Fujitsu 

10 

Ounce  1  ahs 

_ 8 

7TakWare  Computing 

94 

■  Advertiser  Index 


1  &  1  Internet Inc 

59-53 

1and1.com 

American  Power  Conversion  15.  47 

www.apc.com 

Relrien  loo 

95 

www.belden.com/Wireless.cfm 

Citrix  .Systems  loo 

19 

www.citrix.com/HOfastWAN3 

DNSstuff  1  1C 

97 

DNSstuff.com 

ritSearnh  C.orp 

55 

www  dtsearch  rnm 

Eaton  Com   . 

59 

www.powerware.com/nw 

Emerson  Network  Power 

45 

.  .  exnerts.liRhRrt.com 

Foundry  Networks 

2L 

www.founrirvnet.com/BinlronRX 

Hewlett  Packard 

4 

www.  prom  irve.nom/proact  ive 

IRM  C.orp 

23 

ibm.com/svstems/crvslalhall 

IRM  C.orp 

30-31 

ibm.com/takebackcontrol/flHxible 

IRM  C.orp 

34-35 

ibm.com/takebackcontrQl/jnfo 

IRM  Corp 

38-39  ibm.com/takehackcontrQlAjnifv 

IRM  C.orp 

49-43 

ihm.com/takehackcnntrnl/seciirity 

msigm 

juniper  Networks  Inn 

13 

y_insigm.com 

www.iuninpr.net/controllinoaccess 

1  inksys 

11 

WWW. 

.linksys.com/oonnectRdoffice 

Miornsoft  C.orp 

9-3 

easyeasier.com 

Miornsnft  Corp 

m 

microsoft.com/voip 

MnuinC.nnl 

98 

movinconl.com 

NetApp 

17 

www.netapp.com/hi7apps 

Network  Instruments  1  1  C 

49 

WWW. 

Nptwnrklnstmments.com/TimpTravpl 

Network  Instruments  1  1  C. 

RR 

www  networkTAPs.com 

Rose  Flertrnnics 

55. 

_ www.rose.com 

Verizon  Wireless_ I 

ueri7nnwirRless.oom/hrnadhandacoess 

These  indexes  are  provided  as  a  reader  service.  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 
publisher  does  not  assume  liability  for  errors  or  omissions. 

•Indicates  Regional  Demographic 


■  IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 
Bob  Carrigan,  President,  IDG  Communications 

Network  World  is  a  publication  of  IDG,  the  world’s  largest 
publisher  of  computer-related  information  and  the  lead¬ 
ing  global  provider  of  information  services  on  informa¬ 
tion  technology.  IDG  publishes  over  300  computer  publi¬ 
cations  in  85  countries.  One  hundred  million  people  read 
one  or  more  IDG  publications  each  month.  Network 
World  contributes  to  the  IDG  News  Service,  offering  the 
latest  on  domestic  and  international  computer  news. 


Publicize  your  press  coverage  in  Network  World 
by  ordering  reprints  of  your  editorial  mentions. 
Reprints  make  great  marketing  materials  and 
are  available  in  quantities  of  500  and  up.  To  order, 
contact  Reprint  Management  Services  at  (717) 
399-1900  x128  or  E-mail:  networkworld@reprint- 
buyer.com. 


NetworkWorld 

Events  and  Executive  Forums 


Network  World  Events  and 
Executive  Forums  produces 
events  including  IT  Ftoadmap, 
DEMO  and  The  Security 
Standard.  For  complete  infor¬ 
mation  on  our  current  event  offerings,  call  us  at  800-643-4668  or 
go  to  www.networkworld.com/events. 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

CEO/Publisher:  Evilee  Ebb 
President/General  Manager,  Online:  John  Gallant 
Chief  Operating  Officer:  W.  Michael  Draper 

ONLINE  SERVICES 

V.  R,  Online  Sales/Operations:  Susan  Cardoza 
V.  P.,  Online  Audience/Architecture:  Dan  Gallagher 
V.  P.,  Online  Development/Custom  Media:  Dan  Hirsh 

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Exec.V.  P.,  Events/Executive  Forums:  Neal  Silverman 
Vice  President,  Event  Sales:  Andrea  D'  Amato 
Sr.  Director,  Marketing/Business  Dev.:  Mike  Garity 

MARKETING 

Director  of  Marketing:  Donna  Pomponi 

AD  OPERATIONS 

Production  Manager:  JamiThompson 
Advertising  Coordinator:  Maro  Eremyan 

FINANCE 

Vice  President  Finance:  Mary  Fanning 

HUMAN  RESOURCES 

Human  Resources  Manager:  Eric  Cormier 

CIRCULATION 

Senior  Director  of  Circulation:  Richard  Priante 

INFORMATION  SERVICES 

Chief  Operating  Officer:  Mike  Draper 
Director  of  Systems  Development:  Tom  Kroon 
Director  of  Network  IT:  Rocco  Bortone 
Manager  of  DatabaseTechnologies:  Puneet  Narang 

IDG  LIST  RENTAL  SERVICES 

Director  of  List  Management,  Steve Tozeski 

Toll  free:  (800)  IDG-LIST  (US  only)/Direct:  (508)  370-082 2 


■  Sales  Offices 

New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Internet:  tdavis,  elisas@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Elisa  Della  Rocco,  Regional  Account  Director 

Internet:  elisas@nww.com 

(201)  634-2300/FAX:  (201)  634-9286 

Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Internet:  jdibian@nww.com 
(610)  971-0808/FAX:  (201)  621-5095 

Midwest/Central 

Tom  Davis,  Associate  Publisher,  Eastern  Region 

Internet:  tdavis@nww.com 

(201)  634-2300/FAX:  (201)  634-9286 

Southeast 

Don  Seay,  Regional  Account  Director 

Internet:  dseay@nww.com 

(404)  874-7232/FAX:  (201)  621-6129 

Northern  California/Northwest 

Sandra  Kupiec,  Assoc.  Publisher,  Western  Region 
Karen  Wilde,  Regional  Account  Director 
Vanessa Tormey,  Regional  Account  Director 
Coretta  Wright,  Regional  Account  Manager 
Katie  Layng,  Account  Executive 
Internet:  skupiec,  kwilde,  vtormey,  cwright,  klayng, 
jhallett,  ckim,  tmarfori@nww.com 
(415)  243-4122/FAX:  (415)  267-4519 

Southwest/Rockies 

Becky  Bogart,  Regional  Account  Director 
Internet:  bbogart@nww.com 
(949)  713-5153/FAX:  (949)  334-1155 

Online/Integrated  Solutions 

Susan  Cardoza,  V.  P.  Online  Sales/Operations 

Debbie  Lovell,  Sr.  Online  Account  Manager 

Denise  Landry,  Sr.  Account  Coordinator 

Justine  Wallace,  Account  Coordinator 

Internet:  scardoza,  dlovell,  dlandry,  jwallace@nww.com 

(508)  460-3333/FAX:  (508)  490-6603 

Marketplace  /  Emerging  Markets 

Enku  Gubaie,  Mgr.  of  Marketplace/Emerging  Markets 
Internet:  egubaie@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 


www.networkworld.com  •  AUGUST  13,  2007  “  57 


Manners  maketh 

Last  week  my  esteemed  colleague  below 
me  on  the  back  page  discussed  e-mail  eti¬ 
quette  and  his  intense  irritation  with  peo¬ 
ple  who  prethank  —  that  is,  who  thank  you  in 
their  initial  message  before  they  know  how 
you’ll  respond  to  whatever  their  message  is 
about  and  then  when  and  however  you  reply 
they,  in  turn,  reply  by  thanking  you  again. 

Now,  by  a  curious  coincidence,  1  also  was 
thinking  about  manners  this  week.  What  constitutes  the  behaviors  we 
refer  to  as  manners  has  changed  remarkably 
throughout  human  history  and  what  one  period 
in  history  considered  acceptable  another  consid¬ 
ered  to  be  gross  and  vile.  In  the  beginning  (about 
1.8  million  years  ago),  there  were  no  manners  at 
all,  and  for  several  millennia  the  height  of  good 
manners  was  apparently  pretty  much  concerned 
with  not  killing  each  other. 

Manners  had  improved  considerably  by  the  mid-1500s.The  Dutch 
humanist  Erasmus  was  provoked  by  who  knows  what  to  advise  that  “it 
is  impolite  to  greet  someone  who  is  urinating  or  defecating.  A  well-bred 
person  should  always  avoid  exposing  without  necessity  the  parts  to 
which  nature  has  attached  modesty  If  necessity  compels  this,  it  should 
be  done  with  decency  and  reserve,  even  if  no  witness  is  present.” 

Civility  took  a  few  more  faltering  steps  forward,  and  in  1744  George 
Washington  advised  schoolboys  (www.nwdocfinder.com/9970)  to  “Kill 
no  Vermin  as  Fleas,  lice  ticks  in  the  Sight  of  Others,  if  you  See  any  filth 
or  thick  Spittle  put  your  foot  Dexterously  upon  it  if  it  be  upon  the 
Cloths  of  your  Companions,  Put  it  off  privately,  and  if  it  be  upon  your 
own  Cloths  return  Thanks  to  him  who  puts  it  off.” 


the  mail 

And  on  to  today  where  we  have  had  Emily  Fbst  (“proper  etiquette”), 
Miss  Manners  (“heavy  etiquette  theory”), and  Martha  Stewart  (promoter 
of  “good  things”  except  where  it  concerns  the  etiquette  of  stock  trading 
...  1  still  don’t  think  she  deserved  prison)  to  tell  us  how  to  behave  well. 
All  of  this  working  at  manners  has  furthered  our  culture  tremendously 
but,  alas,  is  only  partially  applicable  to  the  online  world. 

The  situation  described  by  Paul  is  a  great  example  of  this  discon¬ 
nect,  and  what  the  recipient  is  doing  would  be  totally  acceptable  if 
there  were  days  or  even  hours  between  messages.  When  there  are  sec¬ 
onds,  then  it  all  seems  too  much  and  folks  like  Paul  are  driven  to 
homicidal  thoughts  in  response. 

The  problem  is  —  to  recycle  a  phrase  I  haven’t 
used  for  a  while  — “Internet  time”;  the  perception 
that  everything,  not  just  technology,  has  to  happen 
as  fast  as  it  can  happen  because  it  can  and  should. 
More  is  no  longer  better.  More  and  faster  is  better 
(or  perhaps  that  should  be  “Moore  and  faster”). 

And  this  is  where  the  Paul’s  problem  lies.  Paul 
wrote, “before  I  can  return  my  attention  to  whatever  task  it  had  been 
ripped  from  to  reply  I’ll  see  the  . . .  next  message  hit  my  in-box.”  He’s 
right, we’re  all  getting  like  that, compulsive  e-mail  readers. Hang  on  ... 
there!  I  just  did  exactly  that  while  writing  this  column! 

Anyway,  I  think  there’s  a  simple  answer  that  you  can  do  with  just  a  lit¬ 
tle  effort:  Exit  your  email  client  and  only  fire  it  up  once  per  hour  on 
the  hour. You’ll  deal  with  your  messages  and  then  quit  until  the  next 
scheduled  mail  scan.  It  can  be  done.  An  editor  I  used  to  know  did  just 
that.  Of  course,  he’s  dead  now. 

Gibbs  (www.gibbs.com/mgbio/)  is  “ at  home" in  Ventura,  Calif.  He 
would  be  honored  to  receive  your  communication 
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Mark  Gibbs 
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3  surveys  say  a  lot,  most  of  it  unflattering 
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“State  of  the  Net”  survey  released  last  week 
k  by  Consumer  Reports  makes  clear  that 
Americans  continue  to  have  ample  cause 
to  distrust  Internet  interactions  . .  .yet  many 
remain  woefully  ignorant  in  terms  of  protect¬ 
ing  themselves  —  and  their  children  —  from 
NET  the  most  obvious  dangers. 

News,  Insights,  oddities  u  .T,he  combination  has  cost  consumers  $7 

billion  over  two  years,  according  to 

Consumer  Reports. 

The  sweeping  study  does  include  nuggets  of  good  news,  however, 
including  a  contention  that  less  spam  is  hitting  consumer  in-boxes.  No 
one  asked  me.  Among  the  findings: 

•  Computer  viruses  have  prompted  1.8  million  households  to  junk 
their  PCs  over  the  past  two  years,  while  spyware  has  claimed  another 
850,000  machines  in  just  the  past  six  months. 

•  Not  surprisingly  given  those  numbers,  17%  of  PC  users  lack  virus 
protection  and  a  third  of  respondents  fail  to  guard  their  machines 
against  spyware. 

•  Extrapolating  from  the  survey  results,  about  650,000  people  have 
bitten  on  a  spam-promoted  product  or  service  offerings  over  the  past 
six  months,  a  figure  to  keep  in  mind  next  time  you  wonder  why  spam¬ 
mers  even  bother. 

•  Five  percent  of  those  surveyed  who  have  children  under  the  age  of 
18  report  that  their  kids  have  inadvertently  been  exposed  to  pornogra¬ 
phy  through  spam,  while  the  Consumer  Reports  press  release  made  no 
mention  of  how  many  kids  opened  smutty  spam  on  purpose. 

•  While  lawmakers  continue  to  hound  MySpace  24/7,  we  learn  that 
not  all  parents  are  worried  sick  over  the  notion  that  Junior  or  Missy 
may  be  divulging  too  much  41 1  online:  Among  respondents  whose 
kids  go  online,  13%  of  the  youngsters  registered  on  MySpace  failed  to 


meet  the  site’s  14-year-old  age  minimum,  and  3%  were  younger  than 
10.  As  the  press  release  notes: “And  those  were  just  the  ones  the  par¬ 
ents  knew  about.” 

89%  say  ban  texting  while  driving 

Finally  something  about  which  roughly  nine  in  10  Americans  can 
agree: Text  messaging  while  under  the  influence  of  an  automobile 
ought  to  be  against  the  law. 

You  generally  can’t  get  nine  in  10  Americans  to  agree  on  the  day  of 
the  week,  never  mind  a  change  in  the  law  —  and  never  ever  mind  a 
change  in  the  law  that  would  have  a  direct  impact  on  them. 

Of  course,  those  nine  out  of  10  are  not  exactly  practicing  what  they 
preach  at  the  moment,  as  57%  of  those  who  drive  and  also  send  text 
messages  admit  to  doing  the  two  simultaneously  If  you’re  talking  about 
merely  reading  text  messages,  that  number  jumps  to  a  full  6%. 

The  survey  of  2,049  adults  was  conducted  by  Harris  Interactive. 

The  state  of  Washington  this  spring  became  the  first  to  ban  texting 
while  driving  and  some  half-dozen  others  have  similar  legislation 
pending.  Expect  Congress  to  act  soon. 

Ask  and  ye  shall . . . 

So  how  do  you  get  a  secret  username  and  password  out  of  an  IRS 
employee?  Turns  out  you  need  only  ask. 

A  government  inspector  called  102  IRS  folks,  claimed  to  be  in  need 
of  help  solving  a  computer  problem,  and  asked  for  their  username  and 
that  they  temporarily  change  their  password  to  one  suggested  by  the 
inspector.  Sixty-one  complied. 

These  people  know  all  there  is  to  know  about  our  personal  finances, 
yet  seem  incapable  of  locking  a  door. 

Send  your  usernames  and  passwords  to  buzz@nww.com. 
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$30,000  over  5  years. 

•  Get  more  power  in  less  space  - 12  kW  in  only  6U  (batteries  included) 

•  Reduce  energy  costs  with  industry-leading  97%  efficiency 

•  Reduce  cooling  costs  with  lower  heat  dissipation 
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Don't  touch  it.  Don't  move  it. 


integrates  with  Active  Directory?  Microsoft*  Office,  Microsoft 


Contrary  to  what  they  might  say,  VoIP  isn't  synonymous 
with  "starting  over"  (a.k.a.  ripping  and  replacing).  That's  because 
it's  no  longer  about  hardware.  It's  actually  about  software. 


Exchange  Server,  and  your  PBX.  Maximize  your  current  PBX 
investment  and  make  it  part  of  your  new  software-based  VoIP 
solution  from  Microsoft.  You're  much  closer  to  VoIP  than  you 


Now  you  can  keep  your  hardware — your  PBX,  your  gateways, 
even  your  phones.  Move  to  VoIP  with  software.  Software  that 


realize.  Learn  more  at 
microsoft.com/voip 
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